diff --git a/.codespellignore b/.codespellignore index accc22264f2..907a2e2599a 100644 --- a/.codespellignore +++ b/.codespellignore @@ -7,3 +7,4 @@ shouldnot decorder overriden wit +ist diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42672074da3..e560796e505 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: category: "/language:${{matrix.language}}" 
diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index 5a5fbbe9fbc..5182cac62e3 100644 --- a/.github/workflows/cover.yaml +++ b/.github/workflows/cover.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -22,11 +22,11 @@ jobs: id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} - run: "PATH=/usr/local/go/bin:$PATH make test-cover" - - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index 2c0f7db6c2e..a4d2b17982d 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml 
@@ -20,20 +20,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Get Go version id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} id: go - name: Check out code into the Go module directory uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # tag=v5.0.4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # tag=v5.0.5 name: Restore go cache with: path: | diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1d8a2052c05..6eb9643ed20 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml index 6ef1a07f4ea..5ece52a856b 100644 --- a/.github/workflows/lint-docs.yaml +++ b/.github/workflows/lint-docs.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit 
diff --git a/.github/workflows/pr-golangci-lint.yaml b/.github/workflows/pr-golangci-lint.yaml index 75eccbc5e63..d9292c588af 100644 --- a/.github/workflows/pr-golangci-lint.yaml +++ b/.github/workflows/pr-golangci-lint.yaml @@ -25,7 +25,7 @@ jobs: run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 34c531987bc..cde79d35f3d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: release_tag: ${{ steps.release-version.outputs.release_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Checkout code @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 - name: Get changed files id: changed-markdown-files - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # tag=v47.0.5 + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # tag=v47.0.6 with: files: CHANGELOG/**.md - name: Get release version @@ -92,7 +92,7 @@ jobs: needs: push_release_tag steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Set env 
@@ -107,7 +107,7 @@ jobs: - name: Get Go version run: echo "go_version=$(make go-version)" >> $GITHUB_ENV - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ env.go_version }} - name: generate release artifacts @@ -118,7 +118,7 @@ jobs: curl -L "https://raw.githubusercontent.com/${{ github.repository }}/main/CHANGELOG/${{ env.RELEASE_TAG }}.md" \ -o "${{ env.RELEASE_TAG }}.md" - name: Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # tag=v2.6.1 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # tag=v3.0.0 with: draft: true files: out/* diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index aea0603fb29..fef2022f0dd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -63,7 +63,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: sarif_file: results.sarif 
diff --git a/.github/workflows/weekly-security-scan.yaml b/.github/workflows/weekly-security-scan.yaml index 49dac0ba46b..d64e020bc83 100644 --- a/.github/workflows/weekly-security-scan.yaml +++ b/.github/workflows/weekly-security-scan.yaml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - branch: [ main, release-1.22, release-1.21 ] + branch: [ main, release-1.24, release-1.23 ] name: Trivy runs-on: ubuntu-latest steps: @@ -26,7 +26,7 @@ jobs: id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} - name: Run verify security target diff --git a/.golangci.yml b/.golangci.yml index 975c000bce6..faf8d93f29d 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -160,7 +160,7 @@ linters: - jsontags # Ensures proper JSON tag formatting - nofloats # Prevents float type usage - nomaps # Restricts map usage - - nonullable # Prevents usage of the nullable marker + - nonullable # Prevents usage of the nullable marker - nophase # Prevents Phase field usage - notimestamp # Prevents TimeStamp field usage lintersConfig: {} @@ -340,6 +340,10 @@ linters: - staticcheck path: .*\.go$ text: 'SA1019: "sigs.k8s.io/cluster-api/util/deprecated/.*" is deprecated: This package is deprecated and is going to be removed when support for v1beta1 will be dropped.' + # Ignore GetEventRecorderFor deprecation (CAPI itself still uses it). + - linters: + - staticcheck + text: 'SA1019: (env|mgr|testEnv).GetEventRecorderFor is deprecated' # Ignore CAPZ v1beta1 deprecations (SharedGallery, VMState) still used for backward compatibility. - linters: - staticcheck diff --git a/AGENTS.md b/AGENTS.md index 379d80619e0..a7e2274aba0 100644 --- a/AGENTS.md +++ b/AGENTS.md 
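Review bot: The `branch` matrix in the first weekly-security-scan.yaml hunk is a hand-maintained list, and this change removes `release-1.22` from the weekly Trivy run while the same commit adds CHANGELOG/v1.22.2.md and CHANGELOG/v1.22.4.md. If release-1.22 is still receiving patch releases it would no longer be scanned; that is inferred from the changelog files rather than from this hunk, so confirm it against the project's support policy. A comment above the list, such as `# Keep in sync with the currently supported release branches`, would make the intent explicit for the next release.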
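Review bot: The staticcheck exclusion added in the second .golangci.yml hunk matches on `text` alone, with an unescaped `.` before `GetEventRecorderFor` and no `path` key, whereas the rule directly above it is scoped with `path: .*\.go$`. As written it hides the SA1019 finding wherever the receiver is named `env`, `mgr` or `testEnv`, and nothing records when the suppression can be dropped. I would escape the dot, `text: 'SA1019: (env|mgr|testEnv)\.GetEventRecorderFor is deprecated'`, and extend the comment to `# Ignore GetEventRecorderFor deprecation (CAPI itself still uses it); remove once CAPI migrates off it.` The exclusion list continues outside the hunk.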
@@ -117,6 +117,8 @@ make kind-reset **tilt-settings.yaml** is required with Azure credentials (see docs/book/src/developers/development.md for details). +`make tilt-up` runs `check-az-cli`; if `az` is missing, it warns and tells you to install the Azure CLI and retry `make tilt-up` (needed for Tilt flows that call `az`, e.g. VNet peering with AKS as management cluster). Use `VERBOSE=1 make check-az-cli` to print the detected binary path. + ### E2E Testing ```bash @@ -201,7 +203,7 @@ make generate-go # Regenerates mocks in azure/services/*/mock_*/ - `main.go`: Entry point, registers controllers and webhooks - `Makefile`: All build/test/dev targets - `Tiltfile`: Local development with Tilt -- `go.mod`: Go dependencies (uses Go 1.24+) +- `go.mod`: Go dependencies (uses Go 1.25+) - `config/`: Kustomize configurations for CRDs, RBAC, webhooks, manager - `templates/`: Cluster template flavors for different scenarios - `test/e2e/`: E2E test suites and data files diff --git a/CHANGELOG/v1.22.2.md b/CHANGELOG/v1.22.2.md new file mode 100644 index 00000000000..38bf52a3859 --- /dev/null +++ b/CHANGELOG/v1.22.2.md 
@@ -0,0 +1,43 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.11.7 ([#6174](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6174), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- sigs.k8s.io/structured-merge-diff/v6: v6.3.2 + +### Changed +- cel.dev/expr: v0.24.0 → v0.25.1 +- github.com/cloudflare/circl: [v1.6.1 → v1.6.3](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3) +- github.com/cncf/xds/go: [0feb691 → ee656c7](https://github.com/cncf/xds/compare/0feb691...ee656c7) +- github.com/envoyproxy/go-control-plane/envoy: [v1.35.0 → v1.36.0](https://github.com/envoyproxy/go-control-plane/compare/envoy/v1.35.0...envoy/v1.36.0) +- github.com/envoyproxy/go-control-plane: [75eaa19 → v0.14.0](https://github.com/envoyproxy/go-control-plane/compare/75eaa19...v0.14.0) +- github.com/envoyproxy/protoc-gen-validate: [v1.2.1 → v1.3.0](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.2.1...v1.3.0) +- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.27.3 → v2.27.7](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.3...v2.27.7) +- go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0 +- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.60.0 → v0.65.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.22.0 → v1.40.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/metric: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/sdk/metric: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/sdk: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/trace: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel: v1.39.0 → v1.40.0 +- golang.org/x/oauth2: v0.32.0 → v0.34.0 +- google.golang.org/genproto/googleapis/api: ff82c1b → 8636f87 +- google.golang.org/genproto/googleapis/rpc: ff82c1b → 8636f87 +- google.golang.org/grpc: v1.77.0 → 
v1.79.3 +- google.golang.org/protobuf: v1.36.10 → v1.36.11 +- sigs.k8s.io/cluster-api/test: v1.11.6 → v1.11.7 +- sigs.k8s.io/cluster-api: v1.11.6 → v1.11.7 + +### Removed +_Nothing has changed._ + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.1...v1.22.2 diff --git a/CHANGELOG/v1.22.4.md b/CHANGELOG/v1.22.4.md new file mode 100644 index 00000000000..af6449c67d0 --- /dev/null +++ b/CHANGELOG/v1.22.4.md 
@@ -0,0 +1,63 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.11.10 ([#6249](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6249), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- github.com/moby/moby/api: [v1.54.1](https://github.com/moby/moby/tree/api/v1.54.1) +- github.com/moby/moby/client: [v0.4.0](https://github.com/moby/moby/tree/client/v0.4.0) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/Azure/go-ansiterm: [306776e → faa5f7b](https://github.com/Azure/go-ansiterm/compare/306776e...faa5f7b) +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-connections: [v0.5.0 → v0.6.0](https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/emicklei/go-restful/v3: [v3.12.2 → v3.13.0](https://github.com/emicklei/go-restful/compare/v3.12.2...v3.13.0) +- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.27.7 → v2.28.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.7...v2.28.0) +- github.com/moby/term: [v0.5.0 → v0.5.2](https://github.com/moby/term/compare/v0.5.0...v0.5.2) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/metric: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/trace: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.40.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- golang.org/x/crypto: v0.47.0 → v0.49.0 +- golang.org/x/mod: v0.32.0 → v0.33.0 +- golang.org/x/net: v0.49.0 → v0.52.0 +- golang.org/x/oauth2: v0.34.0 → v0.35.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.40.0 → v0.42.0 +- golang.org/x/telemetry: 8fff8a5 → e7419c6 +- golang.org/x/term: v0.39.0 → v0.41.0 +- golang.org/x/text: v0.33.0 → v0.35.0 +- golang.org/x/tools: v0.40.0 → v0.42.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 8636f87 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 8636f87 → 9d38bb4 +- google.golang.org/grpc: v1.79.3 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- sigs.k8s.io/cluster-api/test: v1.11.7 → v1.11.10 +- sigs.k8s.io/cluster-api: v1.11.7 → v1.11.10 + +### Removed +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.3.3+incompatible](https://github.com/docker/docker/tree/v28.3.3) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.2...v1.22.4 diff --git a/CHANGELOG/v1.23.1.md b/CHANGELOG/v1.23.1.md new file mode 100644 index 00000000000..395db54068b 
--- /dev/null +++ b/CHANGELOG/v1.23.1.md 
@@ -0,0 +1,57 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.12.7 ([#6250](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6250), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- github.com/moby/moby/api: [v1.54.1](https://github.com/moby/moby/tree/api/v1.54.1) +- github.com/moby/moby/client: [v0.4.0](https://github.com/moby/moby/tree/client/v0.4.0) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/coredns/corefile-migration: [v1.0.30 → v1.0.31](https://github.com/coredns/corefile-migration/compare/v1.0.30...v1.0.31) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/trace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.41.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- golang.org/x/crypto: v0.48.0 
→ v0.49.0 +- golang.org/x/net: v0.50.0 → v0.52.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.41.0 → v0.42.0 +- golang.org/x/telemetry: bd525da → e7419c6 +- golang.org/x/term: v0.40.0 → v0.41.0 +- golang.org/x/text: v0.34.0 → v0.35.0 +- golang.org/x/tools: v0.41.0 → v0.42.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 4cfbd41 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 4cfbd41 → 9d38bb4 +- google.golang.org/grpc: v1.79.1 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- sigs.k8s.io/cluster-api/test: v1.12.4 → v1.12.7 +- sigs.k8s.io/cluster-api: v1.12.4 → v1.12.7 + +### Removed +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.5.2+incompatible](https://github.com/docker/docker/tree/v28.5.2) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.23.0...v1.23.1 diff --git a/CHANGELOG/v1.24.0.md b/CHANGELOG/v1.24.0.md new file mode 100644 index 00000000000..cae4fb0caf7 --- /dev/null +++ b/CHANGELOG/v1.24.0.md 
@@ -0,0 +1,137 @@ +## Changes by Kind + +### Feature + +- Make tilt-up now runs a check that warns when the Azure CLI (az) is not installed or not on PATH, with optional VERBOSE=1 on make check-az-cli to print the detected binary path. ([#6177](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6177), [@vishalanarase](https://github.com/vishalanarase)) + +### Other (Cleanup or Flake) + +- Bump Azure Service Operator from v2.13.0 to v2.16.0 ([#6238](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6238), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0 ([#6251](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6251), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0-rc.0 ([#6182](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6182), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0-rc.1 ([#6244](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6244), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.1 ([#6262](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6262), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices: [v1.8.0](https://github.com/Azure/azure-sdk-for-go/tree/sdk/resourcemanager/cognitiveservices/armcognitiveservices/v1.8.0) +- github.com/go-openapi/swag/jsonname: [v0.25.1](https://github.com/go-openapi/swag/tree/jsonname/v0.25.1) +- github.com/google/go-github/v82: [v82.0.0](https://github.com/google/go-github/tree/v82.0.0) +- github.com/microsoft/kiota-abstractions-go: [v1.9.3](https://github.com/microsoft/kiota-abstractions-go/tree/v1.9.3) +- github.com/microsoft/kiota-authentication-azure-go: [v1.3.1](https://github.com/microsoft/kiota-authentication-azure-go/tree/v1.3.1) +- github.com/microsoft/kiota-http-go: 
[v1.5.4](https://github.com/microsoft/kiota-http-go/tree/v1.5.4) +- github.com/microsoft/kiota-serialization-form-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-form-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-json-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-json-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-multipart-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-multipart-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-text-go: [v1.1.3](https://github.com/microsoft/kiota-serialization-text-go/tree/v1.1.3) +- github.com/microsoftgraph/msgraph-sdk-go-core: [v1.4.0](https://github.com/microsoftgraph/msgraph-sdk-go-core/tree/v1.4.0) +- github.com/microsoftgraph/msgraph-sdk-go: [v1.87.0](https://github.com/microsoftgraph/msgraph-sdk-go/tree/v1.87.0) +- github.com/moby/moby/api: [v1.54.2](https://github.com/moby/moby/tree/api/v1.54.2) +- github.com/moby/moby/client: [v0.4.1](https://github.com/moby/moby/tree/client/v0.4.1) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- github.com/std-uritemplate/std-uritemplate/go/v2: [v2.0.3](https://github.com/std-uritemplate/std-uritemplate/tree/go/v2/v2.0.3) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/Azure/azure-sdk-for-go/sdk/azcore: [v1.21.0 → v1.21.1](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.21.0...sdk/azcore/v1.21.1) +- github.com/Azure/azure-sdk-for-go/sdk/internal: [v1.11.2 → v1.12.0](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.11.2...sdk/internal/v1.12.0) +- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch: [v1.3.0 → v1.4.0](https://github.com/Azure/azure-sdk-for-go/compare/sdk/resourcemanager/search/armsearch/v1.3.0...sdk/resourcemanager/search/armsearch/v1.4.0) +- 
github.com/Azure/azure-service-operator/v2: [v2.13.0 → v2.16.0](https://github.com/Azure/azure-service-operator/compare/v2.13.0...v2.16.0) +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/alecthomas/units: [b94a6e3 → 0f3dac3](https://github.com/alecthomas/units/compare/b94a6e3...0f3dac3) +- github.com/coredns/corefile-migration: [v1.0.30 → v1.0.31](https://github.com/coredns/corefile-migration/compare/v1.0.30...v1.0.31) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-connections: [v0.6.0 → v0.7.0](https://github.com/docker/go-connections/compare/v0.6.0...v0.7.0) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/fatih/color: [v1.18.0 → v1.19.0](https://github.com/fatih/color/compare/v1.18.0...v1.19.0) +- github.com/go-openapi/jsonpointer: [v0.21.2 → v0.22.1](https://github.com/go-openapi/jsonpointer/compare/v0.21.2...v0.22.1) +- github.com/go-sql-driver/mysql: [v1.9.2 → v1.9.3](https://github.com/go-sql-driver/mysql/compare/v1.9.2...v1.9.3) +- github.com/google/go-querystring: [v1.1.0 → v1.2.0](https://github.com/google/go-querystring/compare/v1.1.0...v1.2.0) +- github.com/google/pprof: [294ebfa → 545e8a4](https://github.com/google/pprof/compare/294ebfa...545e8a4) +- github.com/hbollon/go-edlib: [v1.6.0 → v1.7.0](https://github.com/hbollon/go-edlib/compare/v1.6.0...v1.7.0) +- github.com/jackc/pgx/v5: [v5.7.4 → v5.7.6](https://github.com/jackc/pgx/compare/v5.7.4...v5.7.6) +- github.com/jellydator/ttlcache/v3: [v3.3.0 → v3.4.0](https://github.com/jellydator/ttlcache/compare/v3.3.0...v3.4.0) +- github.com/microsoft/go-mssqldb: 
[v1.8.0 → v1.9.3](https://github.com/microsoft/go-mssqldb/compare/v1.8.0...v1.9.3) +- github.com/moby/spdystream: [v0.5.0 → v0.5.1](https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1) +- github.com/onsi/ginkgo/v2: [v2.28.1 → v2.28.3](https://github.com/onsi/ginkgo/compare/v2.28.1...v2.28.3) +- github.com/onsi/gomega: [v1.39.1 → v1.40.0](https://github.com/onsi/gomega/compare/v1.39.1...v1.40.0) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- github.com/prometheus/client_golang: [v1.23.0 → v1.23.2](https://github.com/prometheus/client_golang/compare/v1.23.0...v1.23.2) +- github.com/prometheus/common: [v0.65.0 → v0.67.5](https://github.com/prometheus/common/compare/v0.65.0...v0.67.5) +- github.com/prometheus/otlptranslator: [8549f4a → v1.0.0](https://github.com/prometheus/otlptranslator/compare/8549f4a...v1.0.0) +- github.com/prometheus/procfs: [v0.19.2 → v0.20.1](https://github.com/prometheus/procfs/compare/v0.19.2...v0.20.1) +- github.com/samber/lo: [v1.51.0 → v1.52.0](https://github.com/samber/lo/compare/v1.51.0...v1.52.0) +- github.com/spf13/cobra: [v1.10.1 → v1.10.2](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) +- github.com/valyala/fastjson: [v1.6.4 → v1.6.10](https://github.com/valyala/fastjson/compare/v1.6.4...v1.6.10) +- go.etcd.io/bbolt: v1.4.2 → v1.4.3 +- go.etcd.io/etcd/api/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/client/pkg/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/client/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5 +- go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/prometheus: v0.59.1 → v0.65.0 +- go.opentelemetry.io/otel/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.41.0 → 
v1.43.0 +- go.opentelemetry.io/otel/trace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.41.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- go.yaml.in/yaml/v2: v2.4.3 → v2.4.4 +- golang.org/x/crypto: v0.48.0 → v0.50.0 +- golang.org/x/mod: v0.33.0 → v0.35.0 +- golang.org/x/net: v0.50.0 → v0.53.0 +- golang.org/x/oauth2: v0.35.0 → v0.36.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.41.0 → v0.43.0 +- golang.org/x/telemetry: bd525da → be6f6cb +- golang.org/x/term: v0.40.0 → v0.42.0 +- golang.org/x/text: v0.34.0 → v0.36.0 +- golang.org/x/time: v0.12.0 → v0.14.0 +- golang.org/x/tools: v0.41.0 → v0.44.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 4cfbd41 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 4cfbd41 → 9d38bb4 +- google.golang.org/grpc: v1.79.1 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- k8s.io/api: v0.34.3 → v0.35.4 +- k8s.io/apiextensions-apiserver: v0.34.3 → v0.35.4 +- k8s.io/apimachinery: v0.34.3 → v0.35.4 +- k8s.io/apiserver: v0.34.3 → v0.35.4 +- k8s.io/client-go: v0.34.3 → v0.35.4 +- k8s.io/cluster-bootstrap: v0.34.2 → v0.35.4 +- k8s.io/code-generator: v0.34.3 → v0.35.4 +- k8s.io/component-base: v0.34.3 → v0.35.4 +- k8s.io/gengo/v2: 85fd79d → ec3ebc5 +- k8s.io/kms: v0.34.3 → v0.35.4 +- k8s.io/kube-openapi: d7b6acb → 589584f +- k8s.io/utils: 0af2bda → bc988d5 +- sigs.k8s.io/cluster-api/test: v1.12.4 → v1.13.1 +- sigs.k8s.io/cluster-api: v1.12.4 → v1.13.1 +- sigs.k8s.io/controller-runtime: v0.22.5 → v0.23.3 +- sigs.k8s.io/structured-merge-diff/v6: d9cc664 → v6.4.0 + +### Removed +- github.com/ProtonMail/go-crypto: [7d5c6f0](https://github.com/ProtonMail/go-crypto/tree/7d5c6f0) +- github.com/asaskevich/govalidator: [a9d515a](https://github.com/asaskevich/govalidator/tree/a9d515a) +- github.com/bwesterb/go-ristretto: [v1.2.3](https://github.com/bwesterb/go-ristretto/tree/v1.2.3) +- github.com/cloudflare/circl: 
[v1.6.3](https://github.com/cloudflare/circl/tree/v1.6.3) +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.5.2+incompatible](https://github.com/docker/docker/tree/v28.5.2) +- github.com/google/go-github/v53: [v53.2.0](https://github.com/google/go-github/tree/v53.2.0) +- github.com/kisielk/errcheck: [v1.5.0](https://github.com/kisielk/errcheck/tree/v1.5.0) +- github.com/kisielk/gotool: [v1.0.0](https://github.com/kisielk/gotool/tree/v1.0.0) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 +- golang.org/x/xerrors: 5ec99f8 +- google.golang.org/appengine: v1.6.7 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.23.0...v1.24.0 diff --git a/Dockerfile b/Dockerfile index e1684c9d1d7..bc8a2ff48d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ ARG ARCH # Build the manager binary -FROM golang:1.24 AS builder +FROM golang:1.25 AS builder WORKDIR /workspace # Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy diff --git a/Makefile b/Makefile index 64d58820eb7..6635c667dd1 100644 --- a/Makefile +++ b/Makefile @@ -30,11 +30,15 @@ GOPROXY := https://proxy.golang.org endif export GOPROXY +# Ensure correct toolchain is used +GOTOOLCHAIN = go$(GO_VERSION) +export GOTOOLCHAIN + # Active module mode, as we use go modules to manage dependencies export GO111MODULE=on # Kubebuilder. -export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.34.0 +export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.35.0 export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT ?= 60s export KUBEBUILDER_CONTROLPLANE_STOP_TIMEOUT ?= 60s 
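Review bot: The added `GOTOOLCHAIN = go$(GO_VERSION)` in the first Makefile hunk depends on `GO_VERSION`, which is not defined in the visible lines; if it ever expands to empty, the exported value is the bare string `go` and every `go` invocation will presumably fail on toolchain selection rather than with a clear message. Pinning this way also means a host whose local `go` differs from `GO_VERSION` will fetch that toolchain through `GOPROXY` on first use, which matters for offline or restricted-egress builds. Assuming `GO_VERSION` is set above this point, I would add `$(if $(GO_VERSION),,$(error GO_VERSION is empty; cannot set GOTOOLCHAIN))` after the assignment and expand the comment to `# Ensure correct toolchain is used; go may download this version via GOPROXY if the local toolchain differs`.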
@@ -70,11 +74,11 @@ ifneq ($(abspath $(ROOT_DIR)),$(GOPATH)/src/sigs.k8s.io/cluster-api-provider-azu endif # Binaries. -CONTROLLER_GEN_VER := v0.19.0 +CONTROLLER_GEN_VER := v0.20.0 CONTROLLER_GEN_BIN := controller-gen CONTROLLER_GEN := $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER) -CONVERSION_GEN_VER := v0.34.0 +CONVERSION_GEN_VER := v0.35.0 CONVERSION_GEN_BIN := conversion-gen CONVERSION_GEN := $(TOOLS_BIN_DIR)/$(CONVERSION_GEN_BIN)-$(CONVERSION_GEN_VER) @@ -110,9 +114,9 @@ RELEASE_NOTES_VER := v0.18.0 RELEASE_NOTES_BIN := release-notes RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER) -TRIVY_VER := 0.64.0 +TRIVY_VER := 0.69.3 -KPROMO_VER := v4.0.5 +KPROMO_VER := 5ab0dbc74b0228c22a93d240596dff77464aee8f KPROMO_BIN := kpromo KPROMO := $(TOOLS_BIN_DIR)/$(KPROMO_BIN)-$(KPROMO_VER) @@ -124,7 +128,7 @@ GINKGO_VER := $(shell go list -m -f '{{.Version}}' github.com/onsi/ginkgo/v2) GINKGO_BIN := ginkgo GINKGO := $(TOOLS_BIN_DIR)/$(GINKGO_BIN)-$(GINKGO_VER) -KUBECTL_VER := v1.33.6 +KUBECTL_VER := v1.35.4 KUBECTL_BIN := kubectl KUBECTL := $(TOOLS_BIN_DIR)/$(KUBECTL_BIN)-$(KUBECTL_VER) @@ -145,7 +149,7 @@ CODESPELL_BIN := codespell CODESPELL_DIST_DIR := codespell_dist CODESPELL := $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/$(CODESPELL_BIN) -SETUP_ENVTEST_VER := release-0.22 +SETUP_ENVTEST_VER := release-0.23 SETUP_ENVTEST_BIN := setup-envtest SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER)) SETUP_ENVTEST_PKG := sigs.k8s.io/controller-runtime/tools/setup-envtest 
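Review bot: `KPROMO_VER` in the hunk at -110,9 moves from the tag `v4.0.5` to a bare 40-character commit hash, with nothing recording which release or upstream change that commit corresponds to. Pinning by commit is a sound supply-chain choice, but whoever reviews the next bump cannot tell whether the hash moved forward or backward, or whether it is on a release branch at all. A comment above the assignment, in the style the workflows use for pinned actions, would close that gap: `# kpromo pinned by commit: <upstream tag or PR this commit corresponds to>`. The hash also becomes part of the `$(KPROMO)` binary file name, so stale copies under `$(TOOLS_BIN_DIR)` are keyed by commit rather than by version.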
@@ -179,7 +183,7 @@ WEBHOOK_ROOT ?= $(MANIFEST_ROOT)/webhook RBAC_ROOT ?= $(MANIFEST_ROOT)/rbac ASO_CRDS_PATH := $(MANIFEST_ROOT)/aso/crds.yaml ASO_VERSION := $(shell go list -m -f '{{ .Version }}' github.com/Azure/azure-service-operator/v2) -ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com managedclusters.containerservice.azure.com managedclustersagentpools.containerservice.azure.com bastionhosts.network.azure.com virtualnetworks.network.azure.com virtualnetworkssubnets.network.azure.com privateendpoints.network.azure.com fleetsmembers.containerservice.azure.com extensions.kubernetesconfiguration.azure.com +ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com managedclusters.containerservice.azure.com managedclustersagentpools.containerservice.azure.com bastionhosts.network.azure.com virtualnetworks.network.azure.com virtualnetworkssubnets.network.azure.com privateendpoints.network.azure.com fleetsmembers.containerservice.azure.com extensions.kubernetesconfiguration.azure.com maintenanceconfigurations.containerservice.azure.com # Allow overriding the imagePullPolicy PULL_POLICY ?= Always 
@@ -361,10 +365,10 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create ./hack/create-custom-cloud-provider-config.sh # Deploy CAPI - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAAPH - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.1/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAPZ if [ "$(MGMT_CLUSTER_TYPE)" != "aks" ]; then \ 
@@ -390,14 +394,6 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create # Wait for CAPZ deployments $(KUBECTL) wait --for=condition=Available --timeout=5m -n capz-system deployment --all - # This is a temporary fix to apply https://github.com/kubernetes-sigs/cluster-api/pull/13177 which stops setting - # ControlPlaneKubeletLocalMode for K8s v1.36+ clusters. - # Override kubeadm control plane controller image on the management cluster (temporary fix) - # Remove this when CAPI_VERSION above is update to v1.12.3 OR GREATER - timeout --foreground 300 bash -c "until $(KUBECTL) -n capi-kubeadm-control-plane-system get deployment/capi-kubeadm-control-plane-controller-manager > /dev/null 2>&1; do sleep 3; done" - $(KUBECTL) -n capi-kubeadm-control-plane-system set image deployment/capi-kubeadm-control-plane-controller-manager manager="gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v20260109-v1.12.0-rc.0-186-ga64cfe0cc" - $(KUBECTL) -n capi-kubeadm-control-plane-system rollout status deployment/capi-kubeadm-control-plane-controller-manager --timeout=5m - # required sleep for when creating management and workload cluster simultaneously # Wait for the core CRD resources to be "installed" onto the mgmt cluster before returning control timeout --foreground 300 bash -c "until $(KUBECTL) get clusters -A; do sleep 3; done" @@ -542,6 +538,7 @@ generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc. paths=./api/... \ paths=./$(EXP_DIR)/api/... \ paths=./internal/webhooks/... \ + paths=./internal/exp/webhooks/... \ crd:crdVersions=v1 \ rbac:roleName=base-manager-role \ output:crd:dir=$(CRD_ROOT) \ 
@@ -579,6 +576,10 @@ generate-addons: fetch-calico-manifests $(ENVSUBST) .PHONY: generate-aso-crds # The yq command filters the list of all ASO CRDs to just the ones specified by ASO_CRDS. +# The second yq command strips OpenAPI `description` fields from the schemas to keep +# the resulting CRDs small enough for API servers (e.g. EKS) that have tighter +# request-size or streaming-timeout budgets than kind/AKS. `description` is metadata +# only, so removing it does not affect validation. # The sed command changes '$$' to '$$$$' so once the CRDs get run through # envsubst, '$$$$' changes back to '$$' so ASO will not detect a diff and try to # update the CRDs for which we don't give it permission. @@ -586,6 +587,7 @@ generate-aso-crds: $(YQ) $(YQ) e -i '.resources[] |= sub("^(https://github\.com/Azure/azure-service-operator/releases/download/)[^/]+(/.*_).*(\.yaml)$$", "$${1}$(ASO_VERSION)$${2}$(ASO_VERSION)$${3}")' $(ROOT_DIR)/config/aso/kustomization.yaml curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/$(ASO_VERSION)/azureserviceoperator_customresourcedefinitions_$(ASO_VERSION).yaml" | \ $(YQ) e '. | select($(foreach name,$(ASO_CRDS),.metadata.name == "$(name)" or )false)' - | \ + $(YQ) e 'del(.. | select(has("description")).description)' - | \ sed 's/\$$\$$/$$$$$$$$/g' \ > $(ASO_CRDS_PATH) 
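Review bot: The added filter `del(.. | select(has("description")).description)` in generate-aso-crds removes every key named `description` at any depth. That includes a schema property that is itself called `description` under a `properties:` map, not only the OpenAPI documentation strings. If any CRD listed in ASO_CRDS has such a field (not verified here), its schema entry is dropped, and with structural-schema pruning the API server would discard the value silently, so the new comment's claim that validation is unaffected would not hold. Limiting the delete to string-valued entries avoids this, along the lines of `$(YQ) e 'del(.. | select(has("description")) | .description | select(tag == "!!str"))' - | \` (to be confirmed against the pinned yq version). A useful regeneration check is to compare the property names in the output with those in the upstream file.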
@@ -829,8 +831,19 @@ aks-create: $(KUBECTL) ## Create aks cluster as mgmt cluster. aks-delete: $(KUBECTL) ## Deletes the resource group and the associated AKS clusters listed under allowed_contexts in ./tilt-settings.yaml . ./scripts/aks-delete.sh +.PHONY: check-az-cli +check-az-cli: ## Warn if Azure CLI (az) is not installed (Tilt uses it for VNet peering with AKS management clusters). Set VERBOSE=1 to print path when found. + @if ! command -v az >/dev/null 2>&1; then \ + echo "WARNING: Azure CLI (az) is not installed or not on your PATH."; \ + echo " Please install it before continuing with Tilt; without it, steps that call 'az' (for example VNet peering with an AKS management cluster) will fail."; \ + echo " Install: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"; \ + echo " After installing, ensure 'az' is on your PATH, then run make tilt-up again."; \ + elif [ -n "$(VERBOSE)" ]; then \ + echo "Azure CLI (az) found: $$(command -v az)"; \ + fi + .PHONY: tilt-up -tilt-up: install-tools ## Start tilt and build kind cluster if needed. +tilt-up: install-tools check-az-cli ## Start tilt and build kind cluster if needed. @if [ -z "${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY}" ]; then \ export AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY=$(shell cat $(AZURE_IDENTITY_ID_FILEPATH)); \ fi; \ diff --git a/Tiltfile b/Tiltfile index c14b8b8f390..b1e94ed7e66 100644 --- a/Tiltfile +++ b/Tiltfile @@ -22,10 +22,10 @@ settings = { "deploy_cert_manager": True, "preload_images_for_kind": True, "kind_cluster_name": "capz", - "capi_version": "v1.12.4", - "caaph_version": "v0.6.1", - "cert_manager_version": "v1.19.1", - "kubernetes_version": "v1.33.6", + "capi_version": "v1.13.1", + "caaph_version": "v0.6.2", + "cert_manager_version": "v1.20.2", + "kubernetes_version": "v1.35.4", "aks_kubernetes_version": "v1.30.2", "flatcar_version": "3374.2.1", "azure_location": "eastus", 
@@ -173,7 +173,7 @@ def validate_auth(): tilt_helper_dockerfile_header = """ # Tilt image -FROM golang:1.24 AS tilt-helper +FROM golang:1.25 AS tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/windmilleng/rerun-process-wrapper/master/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/windmilleng/rerun-process-wrapper/master/start.sh && \ @@ -538,7 +538,6 @@ def waitforsystem(): local(kubectl_cmd + " wait --for=condition=ready --timeout=300s pod --all -n capi-system") def peer_vnets(): - # TODO: check for az cli to be installed in local peering_cmd = ''' echo "--------Peering VNETs--------"; az network vnet wait --resource-group ${AKS_RESOURCE_GROUP} --name ${AKS_MGMT_VNET_NAME} --created --timeout 180; diff --git a/azure/converters/managedagentpool.go b/azure/converters/managedagentpool.go index cc29b7f29bf..b515882d0d8 100644 --- a/azure/converters/managedagentpool.go +++ b/azure/converters/managedagentpool.go @@ -23,7 +23,7 @@ import ( // then updated to the user-defined value. If the field is immutable, this // update will fail. The linter should catch if there are missing fields, // but verify that check is actually working. - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "k8s.io/utils/ptr" ) 
@@ -40,12 +40,15 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma EnableFIPS: properties.EnableFIPS, EnableNodePublicIP: properties.EnableNodePublicIP, EnableUltraSSD: properties.EnableUltraSSD, + GatewayProfile: properties.GatewayProfile, GpuInstanceProfile: properties.GpuInstanceProfile, + GpuProfile: properties.GpuProfile, HostGroupReference: properties.HostGroupReference, KubeletConfig: properties.KubeletConfig, KubeletDiskType: properties.KubeletDiskType, LinuxOSConfig: properties.LinuxOSConfig, MaxCount: properties.MaxCount, + MessageOfTheDay: properties.MessageOfTheDay, MaxPods: properties.MaxPods, MinCount: properties.MinCount, Mode: properties.Mode, @@ -59,6 +62,7 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma OsDiskType: properties.OsDiskType, OsSKU: properties.OsSKU, OsType: properties.OsType, + PodIPAllocationMode: properties.PodIPAllocationMode, PodSubnetReference: properties.PodSubnetReference, PowerState: properties.PowerState, PropertyBag: properties.PropertyBag, @@ -71,6 +75,8 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma Tags: properties.Tags, Type: properties.Type, UpgradeSettings: properties.UpgradeSettings, + VirtualMachineNodesStatus: properties.VirtualMachineNodesStatus, + VirtualMachinesProfile: properties.VirtualMachinesProfile, VmSize: properties.VmSize, VnetSubnetReference: properties.VnetSubnetReference, WindowsProfile: properties.WindowsProfile, diff --git a/azure/converters/managedagentpool_test.go b/azure/converters/managedagentpool_test.go index c03b13eaaa5..ed331380078 100644 --- a/azure/converters/managedagentpool_test.go +++ b/azure/converters/managedagentpool_test.go 
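Review bot: `MessageOfTheDay` is inserted between `MaxCount` and `MaxPods` in the first hunk, which breaks the alphabetical order the rest of this struct literal follows; it belongs after `MaxPods: properties.MaxPods,`. The order matters because this list is compared by eye against the ASO type on each API-version bump, and the comment above the import only says a linter "should" catch missing fields. The last hunk also copies `VirtualMachineNodesStatus`, which by its name looks like observed state rather than desired configuration; if that is intentional, a one-line comment such as `// part of the profile in the ASO spec type despite the name` would save the next reader the lookup. AgentPoolToManagedClusterAgentPoolProfile starts and ends outside these hunks.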
@@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" . "github.com/onsi/gomega" "k8s.io/utils/ptr" diff --git a/azure/defaults.go b/azure/defaults.go index 37cc3d76d52..fa8231e0310 100644 --- a/azure/defaults.go +++ b/azure/defaults.go @@ -54,7 +54,7 @@ const ( // DefaultLinuxGalleryImageName is the default Linux community gallery image definition. DefaultLinuxGalleryImageName = "capi-ubun2-2404" // DefaultWindowsGalleryImageName is the default Windows community gallery image definition. - DefaultWindowsGalleryImageName = "capi-win-2019-containerd" + DefaultWindowsGalleryImageName = "capi-win-2022-containerd" ) const ( @@ -74,7 +74,7 @@ const ( const ( // DefaultWindowsOsAndVersion is the default Windows Server version to use when // generating default images for Windows nodes. - DefaultWindowsOsAndVersion = "windows-2019" + DefaultWindowsOsAndVersion = "windows-2022" ) const ( diff --git a/azure/scope/machinepool.go b/azure/scope/machinepool.go index 2837b116245..228af6fe5b2 100644 --- a/azure/scope/machinepool.go +++ b/azure/scope/machinepool.go 
@@ -692,7 +692,12 @@ func (m *MachinePoolScope) Close(ctx context.Context) error { ctx, log, done := tele.StartSpanWithLogger(ctx, "scope.MachinePoolScope.Close") defer done() - if m.vmssState != nil { + // Only sync MachinePool w/ MachinePoolMachines if the MachinePool + // represents an actual Azure VMSS (vmssState != nil), and if the + // MachinePool is not in an active state of deletion + // (DeletionTimestamp.IsZero()) to avoid recreating + // AzureMachinePoolMachines that reconcileDelete just removed. + if m.vmssState != nil && m.AzureMachinePool.DeletionTimestamp.IsZero() { if err := m.applyAzureMachinePoolMachines(ctx); err != nil { log.Error(err, "failed to apply changes to the AzureMachinePoolMachines") return errors.Wrap(err, "failed to apply changes to AzureMachinePoolMachines") diff --git a/azure/scope/machinepool_test.go b/azure/scope/machinepool_test.go index 4c1e9e5b177..bf589350470 100644 --- a/azure/scope/machinepool_test.go +++ b/azure/scope/machinepool_test.go 
@@ -1568,6 +1568,153 @@ func TestMachinePoolScope_applyAzureMachinePoolMachines(t *testing.T) { } } +func TestMachinePoolScope_Close_SkipsMachineSyncDuringDeletion(t *testing.T) { + ctx, cancel := context.WithCancel(t.Context()) + defer cancel() + scheme := runtime.NewScheme() + _ = clusterv1.AddToScheme(scheme) + _ = infrav1exp.AddToScheme(scheme) + _ = infrav1.AddToScheme(scheme) + + tests := []struct { + Name string + Setup func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) + // PostFetch runs after objects are fetched from the fake client (with server-generated metadata). + // Use this to set fields like DeletionTimestamp that the fake client won't persist from WithObjects. + PostFetch func(amp *infrav1exp.AzureMachinePool) + Verify func(g *WithT, c client.Client, err error) + }{ + { + Name: "Close does not recreate AzureMachinePoolMachines when AzureMachinePool has a deletion timestamp", + Setup: func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) { + mp.Spec.Replicas = ptr.To[int32](1) + amp.Finalizers = []string{clusterv1.MachinePoolFinalizer} + + // Simulate the race: VMSS is still visible in Azure with a running instance, + // but the AzureMachinePoolMachine for it has already been deleted by reconcileDelete. 
+ vmssState.Instances = []azure.VMSSVM{ + { + ID: "/subscriptions/123/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss/virtualMachines/1", + Name: "ampm1", + State: infrav1.Succeeded, + }, + } + }, + PostFetch: func(amp *infrav1exp.AzureMachinePool) { + now := metav1.Now() + amp.DeletionTimestamp = &now + }, + Verify: func(g *WithT, c client.Client, err error) { + g.Expect(err).NotTo(HaveOccurred()) + // The key assertion: no AzureMachinePoolMachine should have been created + list := infrav1exp.AzureMachinePoolMachineList{} + g.Expect(c.List(ctx, &list)).NotTo(HaveOccurred()) + g.Expect(list.Items).Should(BeEmpty()) + }, + }, + { + Name: "Close creates AzureMachinePoolMachines when AzureMachinePool is not being deleted", + Setup: func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) { + mp.Spec.Replicas = ptr.To[int32](1) + + vmssState.Instances = []azure.VMSSVM{ + { + ID: "/subscriptions/123/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss/virtualMachines/1", + Name: "ampm1", + State: infrav1.Succeeded, + }, + } + }, + Verify: func(g *WithT, c client.Client, err error) { + g.Expect(err).NotTo(HaveOccurred()) + // Normal case: AzureMachinePoolMachine should have been created + list := infrav1exp.AzureMachinePoolMachineList{} + g.Expect(c.List(ctx, &list)).NotTo(HaveOccurred()) + g.Expect(list.Items).Should(HaveLen(1)) + }, + }, + } + for _, tt := range tests { + t.Run(tt.Name, func(t *testing.T) { + var ( + g = NewWithT(t) + cluster = &clusterv1.Cluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster1", + Namespace: "default", + }, + Spec: clusterv1.ClusterSpec{ + InfrastructureRef: clusterv1.ContractVersionedObjectReference{ + Name: "azCluster1", + Kind: "AzureCluster", + APIGroup: infrav1.GroupVersion.Group, + }, + }, + Status: clusterv1.ClusterStatus{ + Initialization: clusterv1.ClusterInitializationStatus{ + InfrastructureProvisioned: ptr.To(true), + }, + }, + 
} + mp = &clusterv1.MachinePool{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mp1", + Namespace: "default", + OwnerReferences: []metav1.OwnerReference{ + { + Name: "cluster1", + Kind: "Cluster", + APIVersion: clusterv1.GroupVersion.String(), + }, + }, + }, + } + amp = &infrav1exp.AzureMachinePool{ + ObjectMeta: metav1.ObjectMeta{ + Name: "amp1", + Namespace: "default", + OwnerReferences: []metav1.OwnerReference{ + { + Name: "mp1", + Kind: "MachinePool", + APIVersion: clusterv1.GroupVersion.String(), + }, + }, + }, + } + vmssState = &azure.VMSS{} + ) + + tt.Setup(mp, amp, vmssState) + + cb := fake.NewClientBuilder().WithScheme(scheme).WithObjects(amp, mp, cluster).WithStatusSubresource(amp) + c := cb.Build() + + // Re-fetch objects so they have proper metadata (ResourceVersion) for patching. + g.Expect(c.Get(ctx, client.ObjectKeyFromObject(amp), amp)).To(Succeed()) + g.Expect(c.Get(ctx, client.ObjectKeyFromObject(mp), mp)).To(Succeed()) + + if tt.PostFetch != nil { + tt.PostFetch(amp) + } + + s, err := NewMachinePoolScope(MachinePoolScopeParams{ + Client: c, + MachinePool: mp, + AzureMachinePool: amp, + ClusterScope: &ClusterScope{ + Cluster: cluster, + }, + }) + g.Expect(err).NotTo(HaveOccurred()) + s.vmssState = vmssState + + err = s.Close(ctx) + tt.Verify(g, c, err) + }) + } +} + func TestMachinePoolScope_setProvisioningStateAndConditions(t *testing.T) { scheme := runtime.NewScheme() _ = clusterv1.AddToScheme(scheme) diff --git a/azure/services/agentpools/agentpools.go b/azure/services/agentpools/agentpools.go index a9e7e7d3177..79e1f0d2255 100644 --- a/azure/services/agentpools/agentpools.go +++ b/azure/services/agentpools/agentpools.go 
@@ -19,7 +19,7 @@ package agentpools import ( "context" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" diff --git a/azure/services/agentpools/agentpools_test.go b/azure/services/agentpools/agentpools_test.go index d121fd31fac..8009694a671 100644 --- a/azure/services/agentpools/agentpools_test.go +++ b/azure/services/agentpools/agentpools_test.go @@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/gomega" "github.com/pkg/errors" "go.uber.org/mock/gomock" diff --git a/azure/services/agentpools/spec.go b/azure/services/agentpools/spec.go index 57d72c71d7d..64f16a46d6d 100644 --- a/azure/services/agentpools/spec.go +++ b/azure/services/agentpools/spec.go 
@@ -20,8 +20,8 @@ import ( "context" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/azure/services/agentpools/spec_test.go b/azure/services/agentpools/spec_test.go index 7784d5ad0d6..f478a9b1914 100644 --- a/azure/services/agentpools/spec_test.go +++ b/azure/services/agentpools/spec_test.go @@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/azure/services/managedclusters/managedclusters.go b/azure/services/managedclusters/managedclusters.go index 3b50cff0cf6..747df015d08 100644 --- a/azure/services/managedclusters/managedclusters.go +++ b/azure/services/managedclusters/managedclusters.go 
@@ -21,7 +21,7 @@ import ( "fmt" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" diff --git a/azure/services/managedclusters/managedclusters_test.go b/azure/services/managedclusters/managedclusters_test.go index 02417242886..f5fcebfed1d 100644 --- a/azure/services/managedclusters/managedclusters_test.go +++ b/azure/services/managedclusters/managedclusters_test.go @@ -21,7 +21,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/gomega" "go.uber.org/mock/gomock" corev1 "k8s.io/api/core/v1" diff --git a/azure/services/managedclusters/spec.go b/azure/services/managedclusters/spec.go index cd350460d8b..497e1aeed74 100644 --- a/azure/services/managedclusters/spec.go +++ b/azure/services/managedclusters/spec.go 
@@ -24,8 +24,8 @@ import ( "sort" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/pkg/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/azure/services/managedclusters/spec_test.go b/azure/services/managedclusters/spec_test.go index 7886b10b80c..700de17542e 100644 --- a/azure/services/managedclusters/spec_test.go +++ b/azure/services/managedclusters/spec_test.go @@ -21,7 +21,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/azure/services/privateendpoints/spec_test.go b/azure/services/privateendpoints/spec_test.go index 933271e635e..0552c3060e6 100644 --- a/azure/services/privateendpoints/spec_test.go +++ b/azure/services/privateendpoints/spec_test.go 
@@ -102,7 +102,7 @@ var ( }, } - fakeASOPrivateEndpointsStatus = asonetworkv1.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded{ + fakeASOPrivateEndpointsStatus = asonetworkv1.PrivateEndpoint_STATUS{ ApplicationSecurityGroups: []asonetworkv1.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded{ { Id: ptr.To(fakePrivateEndpoint.ApplicationSecurityGroups[0]), diff --git a/azure/services/scalesets/scalesets.go b/azure/services/scalesets/scalesets.go index 680d1d092d0..60b6ecf6874 100644 --- a/azure/services/scalesets/scalesets.go +++ b/azure/services/scalesets/scalesets.go @@ -156,7 +156,7 @@ func (s *Service) updateScopeState(ctx context.Context, result any, scaleSetSpec // Delete deletes a scale set asynchronously. Delete sends a DELETE request to Azure and if accepted without error, // the VMSS will be considered deleted. The actual delete in Azure may take longer, but should eventually complete. func (s *Service) Delete(ctx context.Context) error { - ctx, log, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.Delete") + ctx, _, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.Delete") defer done() ctx, cancel := context.WithTimeout(ctx, s.Scope.DefaultedAzureServiceReconcileTimeout()) @@ -164,17 +164,6 @@ func (s *Service) Delete(ctx context.Context) error { scaleSetSpec := s.Scope.ScaleSetSpec(ctx) - defer func() { - fetchedVMSS, err := s.getVirtualMachineScaleSet(ctx, scaleSetSpec) - if err != nil && !azure.ResourceNotFound(err) { - log.Error(err, "failed to get vmss in deferred update") - } - - if fetchedVMSS != nil { - s.Scope.SetVMSSState(fetchedVMSS) - } - }() - err := s.DeleteResource(ctx, scaleSetSpec, serviceName) s.Scope.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, err) 
@@ -359,30 +348,6 @@ func (s *Service) validateAvailabilityZones(ctx context.Context, spec *ScaleSetS return nil } -// getVirtualMachineScaleSet provides information about a Virtual Machine Scale Set and its instances. -func (s *Service) getVirtualMachineScaleSet(ctx context.Context, spec azure.ResourceSpecGetter) (*azure.VMSS, error) { - ctx, _, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.getVirtualMachineScaleSet") - defer done() - - vmssResult, err := s.Client.Get(ctx, spec) - if err != nil { - return nil, errors.Wrap(err, "failed to get existing VMSS") - } - vmss, ok := vmssResult.(armcompute.VirtualMachineScaleSet) - if !ok { - return nil, errors.Errorf("%T is not an armcompute.VirtualMachineScaleSet", vmssResult) - } - - vmssInstances, err := s.Client.ListInstances(ctx, spec.ResourceGroupName(), spec.ResourceName()) - if err != nil { - return nil, errors.Wrap(err, "failed to list instances") - } - - result := converters.SDKToVMSS(vmss, vmssInstances) - - return &result, nil -} - // IsManaged returns always returns true as CAPZ does not support BYO scale set. func (s *Service) IsManaged(_ context.Context) (bool, error) { return true, nil diff --git a/azure/services/scalesets/scalesets_test.go b/azure/services/scalesets/scalesets_test.go index 7f1ed2fe2a3..93b4acf987f 100644 --- a/azure/services/scalesets/scalesets_test.go +++ b/azure/services/scalesets/scalesets_test.go @@ -360,11 +360,6 @@ func TestReconcileVMSS(t *testing.T) { func TestDeleteVMSS(t *testing.T) { defaultSpec := newDefaultVMSSSpec() - defaultInstances := newDefaultInstances() - resultVMSS := newDefaultVMSS("VM_SIZE") - resultVMSS.ID = ptr.To(defaultVMSSID) - fetchedVMSS := converters.SDKToVMSS(getResultVMSS(), defaultInstances) - // Be careful about race conditions if you need modify these. testcases := []struct { name string 
@@ -379,21 +374,6 @@ func TestDeleteVMSS(t *testing.T) { s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(nil) s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, nil) - - m.Get(gomockinternal.AContext(), &defaultSpec).Return(resultVMSS, nil) - m.ListInstances(gomockinternal.AContext(), defaultSpec.ResourceGroup, defaultSpec.Name).Return(defaultInstances, nil) - s.SetVMSSState(&fetchedVMSS) - }, - }, - { - name: "successfully delete an existing vmss, fetch call returns error", - expectedError: "", - expect: func(s *mock_scalesets.MockScaleSetScopeMockRecorder, r *mock_async.MockReconcilerMockRecorder, m *mock_scalesets.MockClientMockRecorder) { - s.DefaultedAzureServiceReconcileTimeout().Return(reconciler.DefaultAzureServiceReconcileTimeout) - s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() - r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(nil) - s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, nil) - m.Get(gomockinternal.AContext(), &defaultSpec).Return(armcompute.VirtualMachineScaleSet{}, notFoundError) }, }, { @@ -404,7 +384,6 @@ func TestDeleteVMSS(t *testing.T) { s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(internalError()) s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, internalError()) - m.Get(gomockinternal.AContext(), &defaultSpec).Return(armcompute.VirtualMachineScaleSet{}, notFoundError) }, }, } diff --git a/azure/services/virtualmachineimages/images.go b/azure/services/virtualmachineimages/images.go index 3a6fcac29ff..9f46de479b3 100644 --- a/azure/services/virtualmachineimages/images.go +++ b/azure/services/virtualmachineimages/images.go 
@@ -19,7 +19,6 @@ package virtualmachineimages import ( "context" "regexp" - "strings" "github.com/blang/semver" "github.com/pkg/errors" @@ -106,7 +105,8 @@ func (s *Service) GetDefaultWindowsImage(ctx context.Context, _, k8sVersion, run if len(match) != 2 { return nil, errors.Errorf("unsupported osAndVersion %s", osAndVersion) } - imageName = strings.Replace(imageName, "2019", match[1], 1) + // Substitute the requested Windows Server year into the default image name. + imageName = regexp.MustCompile(`\d{4}`).ReplaceAllString(imageName, match[1]) } // Use the Azure Marketplace for specific older versions, to keep "clusterctl upgrade" from rolling new machines. diff --git a/cloudbuild.yaml b/cloudbuild.yaml index e584386e8f2..88dd3e678cd 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -4,7 +4,7 @@ options: substitution_option: ALLOW_LOOSE machineType: 'E2_HIGHCPU_8' steps: - - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250513-9264efb079' # Go 1.24 + - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:8d6a3a5b895e6776dbe9115b75db1412fbe57299b8db329d45cb54680e462b0b' # v20251211-4c812d4cd8 entrypoint: make env: - DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml index 093ed7a676f..f7533436137 100644 --- a/config/aso/crds.yaml +++ b/config/aso/crds.yaml @@ -3,10 +3,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: bastionhosts.network.azure.com spec: conversion: @@ -22,6 +22,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: BastionHost listKind: BastionHostList plural: bastionhosts 
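Review bot: In GetDefaultWindowsImage (hunk at -106,7) the new `ReplaceAllString` call rewrites every run of four digits in the image name, not just the Windows Server year, and it compiles the pattern on every call. The current default `capi-win-2022-containerd` has a single such run, but a later default that carries a build or date number would be altered silently and the wrong gallery image would be selected. Anchoring the pattern to the dash-delimited year and compiling it once at package level is safer: `var windowsYearRE = regexp.MustCompile("-\\d{4}-")`, then `imageName = windowsYearRE.ReplaceAllLiteralString(imageName, "-"+match[1]+"-")`. The literal variant also stops a `$` in the replacement from being treated as a group reference; the pattern that produces `match` is outside this hunk, so that may already be impossible.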
@@ -45,112 +48,66 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' 
type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: name: - description: 'Name: Name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateIPAllocationMethod: - description: 'PrivateIPAllocationMethod: Private IP allocation method.' enum: - Dynamic - Static type: string publicIPAddress: - description: 'PublicIPAddress: Reference of the PublicIP resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: 'Subnet: Reference of the subnet resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -160,37 +117,17 @@ spec: type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -198,29 +135,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -229,28 +150,20 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' maximum: 50 minimum: 2 type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of this Bastion Host.' enum: - Basic - Standard 
@@ -259,50 +172,30 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Bastion Host resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -312,65 +205,46 @@ spec: type: object type: array disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the bastion host resource.' type: string scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of this Bastion Host.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -394,43 +268,20 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.BastionHost - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.BastionHost_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: type: boolean 
@@ -446,84 +297,50 @@ spec: type: boolean ipConfigurations: items: - description: |- - Storage version of v1api20220701.BastionHostIPConfiguration - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string privateIPAllocationMethod: type: string publicIPAddress: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -532,40 +349,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20220701.BastionHostOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -574,27 +370,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -605,31 +386,20 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: type: integer sku: - description: |- - Storage version of v1api20220701.Sku - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -642,52 +412,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.BastionHost_STATUS - Bastion Host resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -714,16 +461,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20220701.BastionHostIPConfiguration_STATUS - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -738,16 +479,10 @@ spec: scaleUnits: type: integer sku: - description: |- - Storage version of v1api20220701.Sku_STATUS - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -780,118 +515,70 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableKerberos: - description: 'EnableKerberos: Enable/Disable Kerberos feature of the Bastion Host resource.' 
type: boolean enableSessionRecording: - description: 'EnableSessionRecording: Enable/Disable Session Recording feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: name: - description: 'Name: Name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateIPAllocationMethod: - description: 'PrivateIPAllocationMethod: Private IP allocation method.' enum: - Dynamic - Static type: string publicIPAddress: - description: 'PublicIPAddress: Reference of the PublicIP resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: 'Subnet: Reference of the subnet resource.' properties: reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -901,49 +588,27 @@ spec: type: object type: array location: - description: 'Location: Resource location.' type: string networkAcls: properties: ipRules: - description: 'IpRules: Sets the IP ACL rules for Developer Bastion Host.' items: properties: addressPrefix: - description: 'AddressPrefix: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.' type: string type: object type: array type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -951,29 +616,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -982,28 +631,20 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' maximum: 50 minimum: 2 type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of the sku of this Bastion Host.' enum: - Basic - Developer 
@@ -1014,34 +655,23 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object virtualNetwork: - description: 'VirtualNetwork: Reference to an existing virtual network required for Developer Bastion Host only.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object zones: - description: 'Zones: A list of availability zones denoting where the resource needs to come from.' items: type: string type: array 
@@ -1049,44 +679,25 @@ spec: - owner type: object status: - description: Bastion Host resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -1096,93 +707,67 @@ spec: type: object type: array disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableKerberos: - description: 'EnableKerberos: Enable/Disable Kerberos feature of the Bastion Host resource.' type: boolean enableSessionRecording: - description: 'EnableSessionRecording: Enable/Disable Session Recording feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string networkAcls: properties: ipRules: - description: 'IpRules: Sets the IP ACL rules for Developer Bastion Host.' items: properties: addressPrefix: - description: 'AddressPrefix: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.' 
type: string type: object type: array type: object provisioningState: - description: 'ProvisioningState: The provisioning state of the bastion host resource.' type: string scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of the sku of this Bastion Host.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string virtualNetwork: - description: 'VirtualNetwork: Reference to an existing virtual network required for Developer Bastion Host only.' properties: id: - description: 'Id: Resource ID.' type: string type: object zones: - description: 'Zones: A list of availability zones denoting where the resource needs to come from.' items: type: string type: array 
@@ -1208,43 +793,20 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.BastionHost - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.BastionHost_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: type: boolean 
@@ -1264,84 +826,50 @@ spec: type: boolean ipConfigurations: items: - description: |- - Storage version of v1api20240301.BastionHostIPConfiguration - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string privateIPAllocationMethod: type: string publicIPAddress: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -1350,25 +878,17 @@ spec: location: type: string networkAcls: - description: Storage version of v1api20240301.BastionHostPropertiesFormat_NetworkAcls properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipRules: items: - description: Storage version of v1api20240301.IPRule properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -1376,40 +896,19 @@ spec: type: array type: object operatorSpec: - description: |- - Storage version of v1api20240301.BastionHostOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1418,27 +917,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1449,31 +933,20 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: type: integer sku: - description: |- - Storage version of v1api20240301.Sku - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -1483,35 +956,21 @@ spec: type: string type: object virtualNetwork: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -1523,52 +982,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.BastionHost_STATUS - Bastion Host resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -1599,16 +1035,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20240301.BastionHostIPConfiguration_STATUS - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -1619,25 +1049,17 @@ spec: name: type: string networkAcls: - description: Storage version of v1api20240301.BastionHostPropertiesFormat_NetworkAcls_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipRules: items: - description: Storage version of v1api20240301.IPRule_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string @@ -1649,16 +1071,10 @@ spec: scaleUnits: type: integer sku: - description: |- - Storage version of v1api20240301.Sku_STATUS - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -1670,16 +1086,10 @@ spec: type: type: string virtualNetwork: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -1700,10 +1110,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: extensions.kubernetesconfiguration.azure.com spec: conversion: @@ -1719,6 +1129,9 @@ spec: - v1 group: kubernetesconfiguration.azure.com names: + categories: + - azure + - kubernetesconfiguration kind: Extension listKind: ExtensionList plural: extensions 
@@ -1742,57 +1155,30 @@ spec: name: v1api20230501 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned - UserAssigned type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. 
properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -1800,51 +1186,26 @@ spec: configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string identity: - description: 'Identity: Identity of the Extension resource' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned type: string type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -1852,18 +1213,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -1871,29 +1226,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1902,44 +1241,28 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' type: string required: - name 
@@ -1947,45 +1270,27 @@ spec: - publisher type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' enum: - Application - Key @@ -1993,13 +1298,10 @@ spec: - User type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' enum: - Application - Key 
@@ -2008,68 +1310,41 @@ spec: type: string type: object version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string required: - owner type: object status: - description: The Extension object. properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -2081,217 +1356,141 @@ spec: configurationProtectedSettings: additionalProperties: type: string - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. type: object configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object currentVersion: - description: 'CurrentVersion: Currently installed version of the extension.' type: string customLocationSettings: additionalProperties: type: string - description: 'CustomLocationSettings: Custom Location settings properties.' type: object errorInfo: - description: 'ErrorInfo: Error information from the Agent - e.g. errors during installation.' properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' 
type: string target: - description: 'Target: The error target.' type: string type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string identity: - description: 'Identity: Identity of the Extension resource' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object isSystemExtension: - description: 'IsSystemExtension: Flag to note if this extension is a system extension' type: boolean name: - description: 'Name: The name of the resource' type: string packageUri: - description: 'PackageUri: Uri of the Helm package' type: string plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' 
type: string type: object provisioningState: - description: 'ProvisioningState: Status of installation of this extension.' type: string releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object statuses: - description: 'Statuses: Status from this extension.' items: - description: Status from the extension. properties: code: - description: 'Code: Status code provided by the Extension' type: string displayStatus: - description: 'DisplayStatus: Short description of status of the extension.' type: string level: - description: 'Level: Level of the status.' type: string message: - description: 'Message: Detailed message of the status from the Extension.' type: string time: - description: 'Time: DateLiteral (per ISO8601) noting the time of installation status.' type: string type: object type: array systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' 
type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string type: object type: object 
@@ -2315,48 +1514,24 @@ spec: name: v1api20230501storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230501.Extension - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230501.Extension_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string 
@@ -2364,19 +1539,10 @@ spec: autoUpgradeMinorVersion: type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - SecretMapReference is a reference to a Kubernetes secret in the same namespace as - the resource it is on. properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -2388,55 +1554,28 @@ spec: extensionType: type: string identity: - description: |- - Storage version of v1api20230501.Identity - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string type: object operatorSpec: - description: |- - Storage version of v1api20230501.ExtensionOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -2444,28 +1583,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20230501.ExtensionOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -2474,27 +1601,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -2505,36 +1617,22 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: |- - Storage version of v1api20230501.Plan - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -2550,59 +1648,35 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20230501.Scope - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20230501.ScopeCluster - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20230501.ScopeNamespace - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string type: object type: object systemData: - description: |- - Storage version of v1api20230501.SystemData - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -2623,26 +1697,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20230501.Extension_STATUS - The Extension object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string 
@@ -2655,39 +1719,22 @@ spec: type: boolean conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -2711,29 +1758,17 @@ spec: type: string type: object errorInfo: - description: |- - Storage version of v1api20230501.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20230501.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -2747,27 +1782,17 @@ spec: type: string details: items: - description: Storage version of v1api20230501.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20230501.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -2795,16 +1820,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20230501.Identity_STATUS - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string @@ -2820,16 +1839,10 @@ spec: packageUri: type: string plan: - description: |- - Storage version of v1api20230501.Plan_STATUS - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -2847,43 +1860,25 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20230501.Scope_STATUS - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20230501.ScopeCluster_STATUS - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20230501.ScopeNamespace_STATUS - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string @@ -2891,16 +1886,10 @@ spec: type: object statuses: items: - description: |- - Storage version of v1api20230501.ExtensionStatus_STATUS - Status from the extension. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -2915,16 +1904,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20230501.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -2965,57 +1948,30 @@ spec: name: v1api20241101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/extensions/stable/2024-11-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned - UserAssigned type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. 
properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -3023,51 +1979,26 @@ spec: configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string identity: - description: 'Identity: Identity of the Extension resource' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned type: string type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -3075,18 +2006,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -3094,29 +2019,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -3125,44 +2034,28 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' type: string required: - name 
@@ -3170,45 +2063,27 @@ spec: - publisher type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' enum: - Application - Key @@ -3216,13 +2091,10 @@ spec: - User type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' enum: - Application - Key 
@@ -3231,68 +2103,41 @@ spec: type: string type: object version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string required: - owner type: object status: - description: The Extension object. properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -3304,214 +2149,139 @@ spec: configurationProtectedSettings: additionalProperties: type: string - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. type: object configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object currentVersion: - description: 'CurrentVersion: Currently installed version of the extension.' type: string customLocationSettings: additionalProperties: type: string - description: 'CustomLocationSettings: Custom Location settings properties.' type: object errorInfo: - description: 'ErrorInfo: Error information from the Agent - e.g. errors during installation.' properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' 
type: string target: - description: 'Target: The error target.' type: string type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string identity: - description: 'Identity: Identity of the Extension resource' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object isSystemExtension: - description: 'IsSystemExtension: Flag to note if this extension is a system extension' type: boolean name: - description: 'Name: The name of the resource' type: string packageUri: - description: 'PackageUri: Uri of the Helm package' type: string plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' 
type: string type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object statuses: - description: 'Statuses: Status from this extension.' items: - description: Status from the extension. properties: code: - description: 'Code: Status code provided by the Extension' type: string displayStatus: - description: 'DisplayStatus: Short description of status of the extension.' type: string level: - description: 'Level: Level of the status.' type: string message: - description: 'Message: Detailed message of the status from the Extension.' type: string time: - description: 'Time: DateLiteral (per ISO8601) noting the time of installation status.' type: string type: object type: array systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' 
type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string type: object type: object 
@@ -3535,48 +2305,24 @@ spec: name: v1api20241101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20241101.Extension - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/extensions/stable/2024-11-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20241101.Extension_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20241101.Extension_Properties_AksAssignedIdentity_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string 
@@ -3584,19 +2330,10 @@ spec: autoUpgradeMinorVersion: type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - SecretMapReference is a reference to a Kubernetes secret in the same namespace as - the resource it is on. properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -3608,55 +2345,28 @@ spec: extensionType: type: string identity: - description: |- - Storage version of v1api20241101.Identity - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string type: object operatorSpec: - description: |- - Storage version of v1api20241101.ExtensionOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -3664,28 +2374,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20241101.ExtensionOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -3694,27 +2392,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -3725,36 +2408,22 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: |- - Storage version of v1api20241101.Plan - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -3770,59 +2439,35 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20241101.Scope - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20241101.ScopeCluster - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20241101.ScopeNamespace - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string type: object type: object systemData: - description: |- - Storage version of v1api20241101.SystemData - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -3843,26 +2488,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20241101.Extension_STATUS - The Extension object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20241101.Extension_Properties_AksAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string 
@@ -3875,39 +2510,22 @@ spec: type: boolean conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -3931,29 +2549,17 @@ spec: type: string type: object errorInfo: - description: |- - Storage version of v1api20241101.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20241101.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -3967,27 +2573,17 @@ spec: type: string details: items: - description: Storage version of v1api20241101.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20241101.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -4015,16 +2611,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20241101.Identity_STATUS - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string @@ -4040,16 +2630,10 @@ spec: packageUri: type: string plan: - description: |- - Storage version of v1api20241101.Plan_STATUS - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -4065,43 +2649,25 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20241101.Scope_STATUS - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20241101.ScopeCluster_STATUS - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20241101.ScopeNamespace_STATUS - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string @@ -4109,16 +2675,10 @@ spec: type: object statuses: items: - description: |- - Storage version of v1api20241101.ExtensionStatus_STATUS - Status from the extension. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -4133,16 +2693,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20241101.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string @@ -4173,10 +2727,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: fleetsmembers.containerservice.azure.com spec: conversion: @@ -4192,6 +2746,9 @@ spec: - v1 group: containerservice.azure.com names: + categories: + - azure + - containerservice kind: FleetsMember listKind: FleetsMemberList plural: fleetsmembers 
@@ -4215,96 +2772,47 @@ spec: name: v1api20230315preview schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. - e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: - description: 'Group: The group this member belongs to for multi-cluster update management.' maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -4312,29 +2820,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -4343,16 +2835,11 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -4362,46 +2849,25 @@ spec: status: properties: clusterResourceId: - description: |- - ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -4411,50 +2877,31 @@ spec: type: object type: array eTag: - description: |- - ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. - Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in - the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header - fields. type: string group: - description: 'Group: The group this member belongs to for multi-cluster update management.' type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string name: - description: 'Name: The name of the resource' type: string provisioningState: - description: 'ProvisioningState: The status of the last operation.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string type: object type: object 
@@ -4478,104 +2925,49 @@ spec: name: v1api20230315previewstorage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230315preview.FleetsMember - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230315preview.FleetsMember_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. 
- e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: type: string operatorSpec: - description: |- - Storage version of v1api20230315preview.FleetsMemberOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -4584,27 +2976,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -4615,16 +2992,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -4632,52 +3004,31 @@ spec: - owner type: object status: - description: Storage version of v1api20230315preview.FleetsMember_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clusterResourceId: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -4697,16 +3048,10 @@ spec: provisioningState: type: string systemData: - description: |- - Storage version of v1api20230315preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string @@ -4726,41 +3071,9 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 - labels: - app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 - name: managedclusters.containerservice.azure.com -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: azureserviceoperator-webhook-service - namespace: azureserviceoperator-system - path: /convert - port: 443 - conversionReviewVersions: - - v1 - group: containerservice.azure.com - names: - kind: ManagedCluster - listKind: ManagedClusterList - plural: managedclusters - singular: managedcluster - preserveUnknownFields: false - scope: Namespaced - versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready 
@@ -4774,710 +3087,612 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20210501 + name: v1api20250301 schema: openAPIV3Schema: properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: - aadProfile: + azureName: + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + clusterResourceReference: properties: - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: + group: type: string - serverAppSecret: + kind: type: string - tenantID: + name: type: string type: object - addonProfiles: - additionalProperties: - properties: - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - required: - - enabled - type: object - type: object - agentPoolProfiles: - items: - properties: - availabilityZones: - items: - type: string - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: 
boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - kubeletConfig: + group: + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + operatorSpec: + properties: + configMapExpressions: + items: properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - minimum: 2 - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: + key: type: string - type: object - kubeletDiskType: - enum: - - OS - - Temporary - type: string - linuxOSConfig: - properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: 
integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: + name: type: string - transparentHugePageEnabled: + value: type: string + required: + - name + - value type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - enum: - - System - - User - type: string - name: - pattern: ^[a-z][a-z0-9]{0,11}$ - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + type: array + secretExpressions: + items: properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + key: type: string name: - description: Name is the Kubernetes name of the resource. 
type: string + value: + type: string + required: + - name + - value type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - enum: - - Ephemeral - - Managed - type: string - osSKU: - enum: - - CBLMariner - - Ubuntu + type: array + type: object + owner: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time type: string - osType: - enum: - - Linux - - Windows + message: type: string - podSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - proximityPlacementGroupID: + observedGeneration: + format: int64 + type: integer + reason: type: string - scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete + severity: type: string - scaleSetPriority: - enum: - - Regular - - Spot + status: type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets - type: string - upgradeSettings: - properties: - maxSurge: - type: string - type: object - vmSize: type: string - vnetSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + required: + - lastTransitionTime + - reason + - status + - type type: object type: array - apiServerAccessProfile: + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + status: properties: - authorizedIPRanges: - items: - type: string - type: array - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: + lastOperationError: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + lastOperationId: type: string type: object - autoScalerProfile: + systemData: properties: - balance-similar-node-groups: - type: string - expander: - enum: - - least-waste - - most-pods - - priority - - random - type: string - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: + createdAt: type: string - scale-down-unready-time: + createdBy: type: string - scale-down-utilization-threshold: + createdByType: type: string - scan-interval: + lastModifiedAt: type: string - skip-nodes-with-local-storage: + lastModifiedBy: 
type: string - skip-nodes-with-system-pods: + lastModifiedByType: type: string type: object - autoUpgradeProfile: - properties: - upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable - type: string + type: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250301storage + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + $propertyBag: + additionalProperties: + type: string type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + clusterResourceReference: properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. type: string - type: object - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - properties: name: type: string - type: - enum: - - EdgeZone - type: string type: object - fqdnSubdomain: + group: type: string - httpProxyConfig: + operatorSpec: properties: - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: + $propertyBag: + additionalProperties: type: string - type: array - trustedCa: - type: string - type: object - identity: - properties: - type: - enum: - - None - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentities: + type: object + configMapExpressions: items: properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + key: + type: string + name: + type: string + value: + type: string + required: + - name + - value type: object type: array - type: object - identityProfile: - additionalProperties: - properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + secretExpressions: + items: properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + key: type: string name: - description: Name is the Kubernetes name of the resource. 
type: string + value: + type: string + required: + - name + - value type: object - type: object + type: array type: object - kubernetesVersion: + originalVersion: type: string - linuxProfile: + owner: properties: - adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string - ssh: + name: + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + clusterResourceId: + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + status: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + lastOperationError: properties: - publicKeys: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: items: properties: - keyData: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: type: string - required: - - keyData type: object type: array - required: - - publicKeys + code: + type: string + details: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + 
x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string type: object - required: - - adminUsername - - ssh + lastOperationId: + type: string type: object - location: - type: string - networkProfile: + systemData: properties: - dnsServiceIP: - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + $propertyBag: + additionalProperties: + type: string + type: object + createdAt: type: string - dockerBridgeCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + createdBy: type: string - loadBalancerProfile: + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: maintenanceconfigurations.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: MaintenanceConfiguration + listKind: MaintenanceConfigurationList + plural: maintenanceconfigurations + singular: maintenanceconfiguration + preserveUnknownFields: false + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + azureName: + type: string + maintenanceWindow: + properties: + durationHours: + maximum: 24 + minimum: 4 + type: integer + notAllowedDates: + items: + properties: + end: + type: string + start: + type: string + required: + - end + - start + type: object + type: array + schedule: properties: - allocatedOutboundPorts: - maximum: 64000 - minimum: 0 - type: integer - effectiveOutboundIPs: - items: - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - maximum: 120 - minimum: 4 - type: integer - managedOutboundIPs: + absoluteMonthly: properties: - count: - maximum: 100 + dayOfMonth: + maximum: 31 + minimum: 1 + type: integer + intervalMonths: + maximum: 6 minimum: 1 type: integer + required: + - dayOfMonth + - intervalMonths type: object - outboundIPPrefixes: + daily: properties: - publicIPPrefixes: - items: - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array + intervalDays: + maximum: 7 + minimum: 1 + type: integer + required: + - intervalDays type: object - outboundIPs: + relativeMonthly: properties: - publicIPs: - items: - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array + dayOfWeek: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalMonths: + maximum: 6 + minimum: 1 + type: integer + weekIndex: + enum: + - First + - Fourth + - Last + - Second + - Third + type: string + required: + - dayOfWeek + - intervalMonths + - weekIndex + type: object + weekly: + properties: + dayOfWeek: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalWeeks: + maximum: 4 + minimum: 1 + type: integer + required: + - dayOfWeek + - intervalWeeks type: object type: object - loadBalancerSku: - enum: - - basic - - standard - type: string - networkMode: - enum: - - bridge - - transparent - type: string - networkPlugin: - enum: - - azure - - kubenet - type: string - networkPolicy: - enum: - - azure - - calico - type: string - outboundType: - enum: - - loadBalancer - - userDefinedRouting + startDate: type: string - podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + startTime: + pattern: ^\d{2}:\d{2}$ type: string - serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + utcOffset: + pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ type: string + required: + - durationHours + - schedule + - startTime type: object - nodeResourceGroup: - type: string + notAllowedTime: + items: + properties: + end: + type: string + start: + type: string + type: object + type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. 
The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -5485,581 +3700,388 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name - value type: object type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. 
- type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. 
type: string type: object - podIdentityProfile: + timeInWeek: + items: + properties: + day: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + hourSlots: + items: + maximum: 23 + minimum: 0 + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + maintenanceWindow: properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: + durationHours: + type: integer + notAllowedDates: items: properties: - bindingSelector: - type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: + end: type: string - namespace: + start: type: string - required: - - identity - - name - - namespace type: object type: array - userAssignedIdentityExceptions: - items: - properties: - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: + schedule: + properties: + absoluteMonthly: + properties: + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + dayOfWeek: type: string - type: object - required: - - name - - namespace - - podLabels - type: object - type: array - type: object - privateLinkResources: - items: - properties: - groupId: - type: string - name: + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + name: + type: string + notAllowedTime: + items: + properties: + end: type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - requiredMembers: - items: - type: string - type: array - type: + start: type: string type: object type: array - servicePrincipalProfile: + systemData: properties: - clientId: + createdAt: type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - required: - - clientId - type: object - sku: - properties: - name: - enum: - - Basic + createdBy: type: string - tier: - enum: - - Free - - Paid + createdByType: type: string - type: object - tags: - additionalProperties: - type: string - type: object - windowsProfile: - properties: - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: + lastModifiedAt: type: string - enableCSIProxy: - type: boolean - licenseType: - enum: - - None - - Windows_Server + lastModifiedBy: + type: string + lastModifiedByType: type: string - required: - - adminUsername type: object - required: - - location - - owner + timeInWeek: + items: + properties: + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: + type: string type: object - status: + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901storage + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: properties: - aadProfile: + $propertyBag: + additionalProperties: + type: string + type: object + azureName: + type: string + maintenanceWindow: properties: - adminGroupObjectIDs: - items: + $propertyBag: + additionalProperties: type: string + type: object + durationHours: + type: integer + notAllowedDates: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + end: + type: string + start: + type: string + type: object type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: + schedule: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + absoluteMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + 
dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: type: string - serverAppSecret: + startTime: type: string - tenantID: + utcOffset: type: string type: object - addonProfiles: - additionalProperties: + notAllowedTime: + items: properties: - config: + $propertyBag: additionalProperties: type: string type: object - enabled: - type: boolean - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object + end: + type: string + start: + type: string type: object - type: object - agentPoolProfiles: - items: - properties: - availabilityZones: - items: - type: string - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: + type: array + operatorSpec: + properties: + $propertyBag: + additionalProperties: type: string - kubeletConfig: + type: object + configMapExpressions: + items: properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: + key: type: string - cpuManagerPolicy: + name: type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - 
type: integer - topologyManagerPolicy: + value: type: string + required: + - name + - value type: object - kubeletDiskType: - type: string - linuxOSConfig: + type: array + secretExpressions: + items: properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: + key: type: string - transparentHugePageEnabled: + name: type: string + value: + type: string + required: + - name + - value type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - name: - type: string - nodeImageVersion: - type: string - nodeLabels: + type: array + type: object + originalVersion: + type: string + owner: + properties: + armId: + pattern: 
(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + type: string + type: object + timeInWeek: + items: + properties: + $propertyBag: additionalProperties: type: string type: object - nodePublicIPPrefixID: + day: type: string - nodeTaints: + hourSlots: items: - type: string + type: integer type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: string - powerState: - properties: - code: - type: string - type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - properties: - maxSurge: - type: string - type: object - vmSize: - type: string - vnetSubnetID: - type: string type: object type: array - apiServerAccessProfile: - properties: - authorizedIPRanges: - items: - type: string - type: array - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - properties: - balance-similar-node-groups: - type: string - expander: - type: string - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - 
scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - properties: - upgradeChannel: - type: string + required: + - owner + type: object + status: + properties: + $propertyBag: + additionalProperties: + type: string type: object - azurePortalFQDN: - type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime 
@@ -6068,279 +4090,469 @@ spec: - type type: object type: array - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string - dnsPrefix: + id: type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: + maintenanceWindow: properties: - name: - type: string - type: - type: string - type: object - fqdn: - type: string - fqdnSubdomain: - type: string - httpProxyConfig: - properties: - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - id: - type: string - identity: - properties: - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: + $propertyBag: additionalProperties: + type: string + type: object + durationHours: + type: integer + notAllowedDates: + items: properties: - clientId: + $propertyBag: + additionalProperties: + type: string + type: object + end: type: string - principalId: + start: type: string type: object + type: array + schedule: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + absoluteMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string type: object - identityProfile: - 
additionalProperties: + name: + type: string + notAllowedTime: + items: properties: - clientId: - type: string - objectId: + $propertyBag: + additionalProperties: + type: string + type: object + end: type: string - resourceId: + start: type: string type: object - type: object - kubernetesVersion: - type: string - linuxProfile: + type: array + systemData: properties: - adminUsername: - type: string - ssh: - properties: - publicKeys: - items: - properties: - keyData: - type: string - type: object - type: array + $propertyBag: + additionalProperties: + type: string type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string type: object - location: + timeInWeek: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: type: string - maxAgentPools: - type: integer - name: + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250801 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + azureName: type: string - networkProfile: + maintenanceWindow: properties: - dnsServiceIP: - type: string - dockerBridgeCidr: - type: string - loadBalancerProfile: + durationHours: + maximum: 24 + minimum: 4 + type: integer + notAllowedDates: + items: + properties: + end: + 
type: string + start: + type: string + required: + - end + - start + type: object + type: array + schedule: properties: - allocatedOutboundPorts: - type: integer - effectiveOutboundIPs: - items: - properties: - id: - type: string - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: + absoluteMonthly: properties: - count: + dayOfMonth: + maximum: 31 + minimum: 1 type: integer + intervalMonths: + maximum: 6 + minimum: 1 + type: integer + required: + - dayOfMonth + - intervalMonths type: object - outboundIPPrefixes: + daily: properties: - publicIPPrefixes: - items: - properties: - id: - type: string - type: object - type: array + intervalDays: + maximum: 7 + minimum: 1 + type: integer + required: + - intervalDays type: object - outboundIPs: + relativeMonthly: properties: - publicIPs: - items: - properties: - id: - type: string - type: object - type: array + dayOfWeek: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalMonths: + maximum: 6 + minimum: 1 + type: integer + weekIndex: + enum: + - First + - Fourth + - Last + - Second + - Third + type: string + required: + - dayOfWeek + - intervalMonths + - weekIndex + type: object + weekly: + properties: + dayOfWeek: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalWeeks: + maximum: 4 + minimum: 1 + type: integer + required: + - dayOfWeek + - intervalWeeks type: object type: object - loadBalancerSku: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPolicy: - type: string - outboundType: + startDate: type: string - podCidr: + startTime: + pattern: ^\d{2}:\d{2}$ type: string - serviceCidr: + utcOffset: + pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ type: string + required: + - durationHours + - schedule + - startTime type: object - nodeResourceGroup: - type: string - podIdentityProfile: + notAllowedTime: + items: + properties: + 
end: + type: string + start: + type: string + type: object + type: array + operatorSpec: properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: + configMapExpressions: items: properties: - bindingSelector: + key: type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object name: type: string - namespace: - type: string - provisioningInfo: - properties: - error: - properties: - error: - properties: - code: - type: string - details: - items: - properties: - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: + value: type: string + required: + - name + - value type: object type: array - userAssignedIdentityExceptions: + secretExpressions: items: properties: + key: + type: string name: type: string - namespace: + value: type: string - podLabels: - additionalProperties: - type: string - type: object + required: + - name + - value type: object type: array type: object - powerState: + owner: properties: - code: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: type: string type: object - privateFQDN: - type: string - privateLinkResources: + timeInWeek: items: properties: - groupId: + day: + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + hourSlots: + items: + maximum: 23 + minimum: 0 + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time type: string - id: + message: type: string - name: + observedGeneration: + format: int64 + 
type: integer + reason: type: string - privateLinkServiceID: + severity: + type: string + status: type: string - requiredMembers: - items: - type: string - type: array type: type: string + required: + - lastTransitionTime + - reason + - status + - type type: object type: array - provisioningState: + id: type: string - servicePrincipalProfile: + maintenanceWindow: properties: - clientId: + durationHours: + type: integer + notAllowedDates: + items: + properties: + end: + type: string + start: + type: string + type: object + type: array + schedule: + properties: + absoluteMonthly: + properties: + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: type: string - type: object - sku: - properties: - name: + startTime: type: string - tier: + utcOffset: type: string type: object - tags: - additionalProperties: - type: string - type: object - type: + name: type: string - windowsProfile: + notAllowedTime: + items: + properties: + end: + type: string + start: + type: string + type: object + type: array + systemData: properties: - adminUsername: + createdAt: type: string - enableCSIProxy: - type: boolean - licenseType: + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: type: string type: object + timeInWeek: + items: + properties: + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: + type: string type: object type: object served: true 
@@ -6360,101 +4572,465 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20210501storage + name: v1api20250801storage schema: openAPIV3Schema: - description: Storage version of v1api20210501.ManagedCluster properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20210501.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - aadProfile: - description: Storage version of v1api20210501.ManagedClusterAADProfile + azureName: + type: string + maintenanceWindow: properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - adminGroupObjectIDs: + durationHours: + type: integer + notAllowedDates: items: - type: string + properties: + $propertyBag: + additionalProperties: + type: string + type: object + end: + type: string + start: + type: string + type: object type: array - clientAppID: 
- type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: + schedule: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + absoluteMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: type: string - serverAppSecret: + startTime: type: string - tenantID: + utcOffset: type: string type: object - addonProfiles: - additionalProperties: - description: Storage version of v1api20210501.ManagedClusterAddonProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - type: object - type: object - agentPoolProfiles: + notAllowedTime: items: - description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object + end: + type: string + start: + type: string + type: object 
+ type: array + operatorSpec: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + configMapExpressions: + items: + properties: + key: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + items: + properties: + key: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + originalVersion: + type: string + owner: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + type: string + type: object + timeInWeek: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + observedGeneration: + format: int64 + type: integer + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + maintenanceWindow: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + durationHours: + type: integer + notAllowedDates: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + end: + type: string + start: + type: string + type: object + type: array + schedule: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + absoluteMonthly: + properties: + $propertyBag: + additionalProperties: + 
type: string + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + name: + type: string + notAllowedTime: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + end: + type: string + start: + type: string + type: object + type: array + systemData: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + timeInWeek: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: 
Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + aadProfile: + properties: + adminGroupObjectIDs: + items: + type: string + type: array + clientAppID: + type: string + enableAzureRBAC: + type: boolean + managed: + type: boolean + serverAppID: + type: string + serverAppSecret: + type: string + tenantID: + type: string + type: object + addonProfiles: + additionalProperties: + properties: + config: + additionalProperties: + type: string + type: object + enabled: + type: boolean + required: + - enabled + type: object + type: object + agentPoolProfiles: + items: + properties: availabilityZones: items: type: string type: array count: type: integer + creationData: + properties: + sourceResourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object 
enableAutoScaling: type: boolean enableEncryptionAtHost: @@ -6466,22 +5042,33 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string + hostGroupReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -6503,29 +5090,16 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20210501.SysctlConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: 
@@ -6595,31 +5169,27 @@ spec: minCount: type: integer mode: + enum: + - System + - User type: string name: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + nodePublicIPPrefixReference: properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -6629,38 +5199,72 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 type: string osType: + enum: + - Linux + - Windows type: string - podSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + podSubnetReference: properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object - proximityPlacementGroupID: + powerState: + properties: + code: + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string spotMaxPrice: type: number 
@@ -6669,58 +5273,46 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object maxSurge: type: string type: object vmSize: type: string - vnetSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + vnetSubnetReference: properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object + workloadRuntime: + enum: + - OCIContainer + - WasmWasi + type: string + required: + - name type: object type: array apiServerAccessProfile: - description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string type: array + disableRunCommand: + type: boolean enablePrivateCluster: type: boolean enablePrivateClusterPublicFQDN: @@ -6729,18 +5321,15 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string expander: + enum: + - least-waste + - most-pods + - priority + - random type: string max-empty-bulk-delete: type: string 
@@ -6774,43 +5363,50 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object + azureMonitorProfile: + properties: + metrics: + properties: + enabled: + type: boolean + kubeStateMetrics: + properties: + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + required: + - enabled + type: object + type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: type: boolean - diskEncryptionSetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + diskEncryptionSetReference: properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -6820,32 +5416,18 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20210501.ExtendedLocation properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: + enum: + - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -6858,46 +5440,26 @@ spec: type: string type: object identity: - description: Storage version of v1api20210501.ManagedClusterIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: items: - description: Storage version of v1api20210501.UserAssignedIdentityDetails properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -6905,37 +5467,41 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20210501.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -6943,203 +5509,120 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20210501.ContainerServiceLinuxProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: Storage version of v1api20210501.ContainerServiceSshConfiguration properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20210501.ContainerServiceSshPublicKey properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string networkProfile: - description: Storage version of v1api20210501.ContainerServiceNetworkProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string dockerBridgeCidr: + pattern: 
^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + ipFamilies: + items: + enum: + - IPv4 + - IPv6 + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array + enableMultipleStandardLoadBalancers: + type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 100 + minimum: 1 + type: integer + countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -7147,86 +5630,143 @@ spec: type: object type: object loadBalancerSku: + enum: + - basic + - standard + type: string + natGatewayProfile: + properties: + effectiveOutboundIPs: + items: + properties: + reference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + properties: + count: + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + podCidrs: + items: + type: string + type: array serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + serviceCidrs: + items: + type: string + type: array type: object nodeResourceGroup: type: string + oidcIssuerProfile: + properties: + enabled: + type: boolean + type: object operatorSpec: - description: |- - Storage version of v1api20210501.ManagedClusterOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name - value type: object type: array + configMaps: + properties: + oidcIssuerProfile: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + principalId: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -7234,46 +5774,22 @@ spec: type: object type: array secrets: - description: Storage version of v1api20210501.ManagedClusterOperatorSecrets properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -7281,80 +5797,61 @@ spec: type: object type: object type: object - originalVersion: - type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: Storage version of v1api20210501.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + 
properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -7362,19 +5859,15 @@ spec: type: string namespace: type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityException properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: 
@@ -7383,42 +5876,30 @@ spec: additionalProperties: type: string type: object + required: + - name + - namespace + - podLabels type: object type: array type: object privateLinkResources: items: - description: Storage version of v1api20210501.PrivateLinkResource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -7429,77 +5910,133 @@ spec: type: string type: object type: array - servicePrincipalProfile: - description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + publicNetworkAccess: + enum: + - Disabled + - Enabled + type: string + securityProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + azureKeyVaultKms: + properties: + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + enum: + - Private + - Public + type: string + keyVaultResourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object + defender: + properties: + logAnalyticsWorkspaceResourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + securityMonitoring: + properties: + enabled: + type: boolean + type: object + type: object + imageCleaner: + properties: + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + properties: + enabled: + type: boolean type: object + type: object + servicePrincipalProfile: + properties: clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. 
properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object + required: + - clientId type: object sku: - description: Storage version of v1api20210501.ManagedClusterSKU properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + enum: + - Base type: string tier: + enum: + - Free + - Standard type: string type: object + storageProfile: + properties: + blobCSIDriver: + properties: + enabled: + type: boolean + type: object + diskCSIDriver: + properties: + enabled: + type: boolean + type: object + fileCSIDriver: + properties: + enabled: + type: boolean + type: object + snapshotController: + properties: + enabled: + type: boolean + type: object + type: object tags: additionalProperties: type: string type: object windowsProfile: - description: Storage version of v1api20210501.ManagedClusterWindowsProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key 
@@ -7509,32 +6046,41 @@ spec: type: string enableCSIProxy: type: boolean + gmsaProfile: + properties: + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername + type: object + workloadAutoScalerProfile: + properties: + keda: + properties: + enabled: + type: boolean + required: + - enabled + type: object type: object required: + - location - owner type: object status: - description: Storage version of v1api20210501.ManagedCluster_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string @@ -7554,15 +6100,7 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string 
@@ -7570,15 +6108,7 @@ spec: enabled: type: boolean identity: - description: Storage version of v1api20210501.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: @@ -7590,21 +6120,20 @@ spec: type: object agentPoolProfiles: items: - description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object availabilityZones: items: type: string type: array count: type: integer + creationData: + properties: + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string enableAutoScaling: type: boolean enableEncryptionAtHost: @@ -7617,16 +6146,10 @@ spec: type: boolean gpuInstanceProfile: type: string + hostGroupID: + type: string kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string 
@@ -7655,27 +6178,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20210501.SysctlConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -7773,15 +6280,7 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20210501.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -7789,6 +6288,8 @@ spec: type: string proximityPlacementGroupID: type: string + scaleDownMode: + type: string scaleSetEvictionPolicy: type: string scaleSetPriority: @@ -7802,15 +6303,7 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object maxSurge: type: string type: object 
@@ -7818,22 +6311,18 @@ spec: type: string vnetSubnetID: type: string + workloadRuntime: + type: string type: object type: array apiServerAccessProfile: - description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string type: array + disableRunCommand: + type: boolean enablePrivateCluster: type: boolean enablePrivateClusterPublicFQDN: @@ -7842,15 +6331,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string expander: 
@@ -7887,55 +6368,45 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object upgradeChannel: type: string type: object + azureMonitorProfile: + properties: + metrics: + properties: + enabled: + type: boolean + kubeStateMetrics: + properties: + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object azurePortalFQDN: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime @@ -7944,6 +6415,8 @@ spec: - type type: object type: array + currentKubernetesVersion: + type: string disableLocalAccounts: type: boolean diskEncryptionSetID: @@ -7955,15 +6428,7 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20210501.ExtendedLocation_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: @@ -7974,15 +6439,7 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -7997,15 +6454,7 @@ spec: id: type: string identity: - description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object principalId: type: string tenantId: @@ -8014,15 +6463,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string principalId: @@ -8032,15 +6473,7 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20210501.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -8052,38 +6485,14 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -8097,108 +6506,52 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: type: string dockerBridgeCidr: type: string + ipFamilies: + items: + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20210501.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array + enableMultipleStandardLoadBalancers: + type: boolean idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer + countIPv6: + type: integer type: object outboundIPPrefixes: - description: Storage 
version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20210501.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20210501.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object 
@@ -8207,58 +6560,70 @@ spec: type: object loadBalancerSku: type: string - networkMode: - type: string - networkPlugin: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - serviceCidr: - type: string - type: object - nodeResourceGroup: - type: string - podIdentityProfile: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + natGatewayProfile: + properties: + effectiveOutboundIPs: + items: + properties: + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + properties: + count: + type: integer + type: object type: object + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: + type: string + podCidrs: + items: + type: string + type: array + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + type: object + nodeResourceGroup: + type: string + oidcIssuerProfile: + properties: + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + properties: allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - 
description: Storage version of v1api20210501.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -8271,48 +6636,16 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string details: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string message: 
@@ -8334,15 +6667,7 @@ spec: type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: @@ -8355,15 +6680,7 @@ spec: type: array type: object powerState: - description: Storage version of v1api20210501.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -8371,15 +6688,7 @@ spec: type: string privateLinkResources: items: - description: Storage version of v1api20210501.PrivateLinkResource_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string id: 
@@ -8398,34 +6707,94 @@ spec: type: array provisioningState: type: string - servicePrincipalProfile: - description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + publicNetworkAccess: + type: string + securityProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + azureKeyVaultKms: + properties: + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + defender: + properties: + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + properties: + enabled: + type: boolean + type: object + type: object + imageCleaner: + properties: + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + properties: + enabled: + type: boolean type: object + type: object + servicePrincipalProfile: + properties: clientId: type: string type: object sku: - description: Storage version of v1api20210501.ManagedClusterSKU_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object + storageProfile: + properties: + blobCSIDriver: + properties: + enabled: + type: boolean + type: object + diskCSIDriver: + properties: + enabled: + type: boolean + type: object + fileCSIDriver: + properties: + enabled: + type: boolean + type: object + snapshotController: + properties: + enabled: + type: boolean + type: object + type: object + systemData: + properties: + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string 
+ lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string @@ -8433,22 +6802,31 @@ spec: type: type: string windowsProfile: - description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string enableCSIProxy: type: boolean + gmsaProfile: + properties: + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object licenseType: type: string type: object + workloadAutoScalerProfile: + properties: + keda: + properties: + enabled: + type: boolean + type: object + type: object type: object type: object served: true 
@@ -8468,31 +6846,28 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230201 + name: v1api20230201storage schema: openAPIV3Schema: properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: items: type: string @@ -8513,19 +6888,25 @@ spec: addonProfiles: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string type: object enabled: type: boolean - required: - - enabled type: object type: object agentPoolProfiles: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: items: type: string 
@@ -8534,24 +6915,20 @@ spec: type: integer creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8566,41 +6943,30 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: - minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -8622,16 +6988,21 @@ spec: type: string type: object kubeletDiskType: - enum: - - OS - - Temporary type: string linuxOSConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: type: integer sysctls: properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: type: integer fsFileMax: 
@@ -8701,35 +7072,23 @@ spec: minCount: type: integer mode: - enum: - - System - - User type: string name: - pattern: ^[a-z][a-z0-9]{0,11}$ type: string nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -8739,88 +7098,51 @@ spec: orchestratorVersion: type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - enum: - - Ephemeral - - Managed type: string osSKU: - enum: - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - enum: - - Linux - - Windows type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - enum: - - Running - - Stopped type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete type: string scaleSetPriority: - enum: - - Regular - - Spot type: string spotMaxPrice: type: number 
@@ -8829,48 +7151,40 @@ spec: type: string type: object type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object maxSurge: type: string type: object vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array apiServerAccessProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: items: type: string @@ -8886,14 +7200,13 @@ spec: type: object autoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: type: string expander: - enum: - - least-waste - - most-pods - - priority - - random type: string max-empty-bulk-delete: type: string 
@@ -8928,60 +7241,54 @@ spec: type: object autoUpgradeProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean kubeStateMetrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object - required: - - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object dnsPrefix: @@ -8992,17 +7299,23 @@ spec: type: boolean extendedLocation: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string type: - enum: - - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: type: string httpsProxy: @@ -9016,33 +7329,29 @@ spec: type: object identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object type: - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9051,28 +7360,44 @@ spec: identityProfile: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9081,71 +7406,72 @@ spec: type: string linuxProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: type: string networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServiceIP: - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string dockerBridgeCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string ipFamilies: items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - maximum: 64000 - minimum: 0 type: integer effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9153,43 +7479,41 @@ spec: enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - maximum: 100 - minimum: 1 type: integer countIPv6: - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9197,27 +7521,27 @@ spec: type: object outboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9225,91 +7549,65 @@ spec: type: object type: object loadBalancerSku: - enum: - - basic - - standard type: string natGatewayProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - enum: - - azure - - cilium type: string networkMode: - enum: - - bridge - - transparent type: string networkPlugin: - enum: - - azure - - kubenet - - none type: string networkPluginMode: - enum: - - overlay type: string networkPolicy: - enum: - - azure - - calico - - cilium type: string outboundType: - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: 
@@ -9320,38 +7618,27 @@ spec: type: string oidcIssuerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: + $propertyBag: + additionalProperties: + type: string + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -9359,35 +7646,26 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: + $propertyBag: + additionalProperties: + type: string + type: object oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -9395,29 +7673,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -9425,37 +7687,26 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -9463,21 +7714,22 @@ spec: type: object type: object type: object + originalVersion: + type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: type: boolean enabled: 
@@ -9485,32 +7737,52 @@ spec: userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -9518,15 +7790,15 @@ spec: type: string namespace: type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string namespace: 
@@ -9535,38 +7807,30 @@ spec: additionalProperties: type: string type: object - required: - - name - - namespace - - podLabels type: object type: array type: object privateLinkResources: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -9578,74 +7842,72 @@ spec: type: object type: array publicNetworkAccess: - enum: - - Disabled - - Enabled type: string securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: - enum: - - Private - - Public type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object imageCleaner: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean intervalHours: 
@@ -9653,65 +7915,83 @@ spec: type: object workloadIdentity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object servicePrincipalProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object - required: - - clientId type: object sku: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - enum: - - Base type: string tier: - enum: - - Free - - Standard type: string type: object storageProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object diskCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object fileCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object snapshotController: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object 
@@ -9722,18 +8002,15 @@ spec: type: object windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -9745,6 +8022,10 @@ spec: type: boolean gmsaProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: type: string enabled: @@ -9753,31 +8034,39 @@ spec: type: string type: object licenseType: - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean - required: - - enabled type: object type: object required: - - location - owner type: object status: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: items: type: string @@ -9798,6 +8087,10 @@ spec: addonProfiles: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string @@ -9806,6 +8099,10 @@ spec: type: boolean identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: @@ -9818,6 +8115,10 @@ spec: agentPoolProfiles: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: items: type: string 
@@ -9826,6 +8127,10 @@ spec: type: integer creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: type: string type: object @@ -9847,6 +8152,10 @@ spec: type: string kubeletConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: items: type: string @@ -9876,10 +8185,18 @@ spec: type: string linuxOSConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: type: integer sysctls: properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: type: integer fsFileMax: @@ -9978,6 +8295,10 @@ spec: type: string powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string type: object @@ -10001,6 +8322,10 @@ spec: type: string upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object maxSurge: type: string type: object @@ -10014,6 +8339,10 @@ spec: type: array apiServerAccessProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: items: type: string @@ -10029,6 +8358,10 @@ spec: type: object autoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: type: string expander: @@ -10066,17 +8399,33 @@ spec: type: object autoUpgradeProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object upgradeChannel: type: string type: object azureMonitorProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean kubeStateMetrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: 
@@ -10087,41 +8436,23 @@ spec: azurePortalFQDN: type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime @@ -10144,6 +8475,10 @@ spec: type: boolean extendedLocation: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string type: 
@@ -10155,6 +8490,10 @@ spec: type: string httpProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: type: string httpsProxy: @@ -10170,6 +8509,10 @@ spec: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object principalId: type: string tenantId: @@ -10179,6 +8522,10 @@ spec: userAssignedIdentities: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string principalId: @@ -10189,6 +8536,10 @@ spec: identityProfile: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: @@ -10201,13 +8552,25 @@ spec: type: string linuxProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: type: string ssh: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: type: string type: object @@ -10222,6 +8585,10 @@ spec: type: string networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServiceIP: type: string dockerBridgeCidr: @@ -10232,11 +8599,19 @@ spec: type: array loadBalancerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: type: integer effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -10247,6 +8622,10 @@ spec: type: integer managedOutboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer countIPv6: 
@@ -10254,9 +8633,17 @@ spec: type: object outboundIPPrefixes: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -10264,9 +8651,17 @@ spec: type: object outboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -10277,9 +8672,17 @@ spec: type: string natGatewayProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -10288,6 +8691,10 @@ spec: type: integer managedOutboundIPProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer type: object @@ -10321,6 +8728,10 @@ spec: type: string oidcIssuerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean issuerURL: @@ -10328,6 +8739,10 @@ spec: type: object podIdentityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: type: boolean enabled: @@ -10335,10 +8750,18 @@ spec: userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: 
@@ -10352,15 +8775,31 @@ spec: type: string provisioningInfo: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string details: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string message: @@ -10383,6 +8822,10 @@ spec: userAssignedIdentityExceptions: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string namespace: @@ -10396,6 +8839,10 @@ spec: type: object powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string type: object @@ -10404,6 +8851,10 @@ spec: privateLinkResources: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: type: string id: @@ -10426,8 +8877,16 @@ spec: type: string securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean keyId: @@ -10439,16 +8898,28 @@ spec: type: object defender: properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object imageCleaner: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean intervalHours: 
@@ -10456,17 +8927,29 @@ spec: type: object workloadIdentity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object servicePrincipalProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string type: object sku: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string tier: @@ -10474,29 +8957,53 @@ spec: type: object storageProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object diskCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object fileCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object snapshotController: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object systemData: properties: + $propertyBag: + additionalProperties: + type: string + type: object createdAt: type: string createdBy: @@ -10518,12 +9025,20 @@ spec: type: string windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: type: string enabled: @@ -10536,8 +9051,16 @@ spec: type: object workloadAutoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object 
@@ -10561,48 +9084,20 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230201storage + name: v1api20231001 schema: openAPIV3Schema: - description: Storage version of v1api20230201.ManagedCluster properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230201.ManagedCluster_Spec properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -10622,68 +9117,50 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string type: object enabled: type: boolean + required: + - enabled type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object availabilityZones: items: type: string type: array + capacityReservationGroupReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object count: type: integer creationData: - description: Storage version of v1api20230201.CreationData properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10698,42 +9175,33 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer 
@@ -10755,29 +9223,16 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -10823,10 +9278,16 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -10847,31 +9308,71 @@ spec: minCount: type: integer mode: + enum: + - System + - User type: string name: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string + networkProfile: + properties: + allowedHostPorts: + items: + properties: + portEnd: + maximum: 65535 + minimum: 1 + type: integer + portStart: + maximum: 65535 + minimum: 1 + type: integer + protocol: + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + nodePublicIPTags: + items: + properties: + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -10881,71 +9382,73 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 type: string osType: + enum: + - Linux + - Windows type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: Storage version of v1api20230201.PowerState properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + enum: + - Running + - Stopped type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string spotMaxPrice: type: number 
@@ -10954,56 +9457,44 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + drainTimeoutInMinutes: + maximum: 1440 + minimum: 1 + type: integer maxSurge: type: string type: object vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object workloadRuntime: + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string @@ -11018,18 +9509,15 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string expander: + enum: + - least-waste + - most-pods + - priority + - random type: string max-empty-bulk-delete: type: string 
@@ -11063,82 +9551,56 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + nodeOSUpgradeChannel: + enum: + - NodeImage + - None + - Unmanaged + type: string upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object + required: + - enabled type: object type: object azureName: - description: |- - AzureName: The name of 
the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: 
@@ -11148,32 +9610,18 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: + enum: + - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -11186,46 +9634,50 @@ spec: type: string type: object identity: - description: Storage version of v1api20230201.ManagedClusterIdentity properties: - $propertyBag: + delegatedResources: additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + properties: + location: + type: string + referralResource: + type: string + resourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + tenantId: + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object type: object type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: items: - description: Storage version of v1api20230201.UserAssignedIdentityDetails properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -11233,37 +9685,41 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -11271,105 +9727,66 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: - type: string - dockerBridgeCidr: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: + enum: + - IPv4 + 
- IPv6 type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer + backendPoolType: + enum: + - NodeIP + - NodeIPConfiguration + type: string effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -11377,105 +9794,55 @@ spec: enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 100 + minimum: 1 type: integer countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20230201.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -11483,85 +9850,83 @@ spec: type: object type: object loadBalancerSku: + enum: + - basic + - standard type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none type: string networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: 
@@ -11571,53 +9936,20 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20230201.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -11625,46 +9957,22 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -11673,27 +9981,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -11701,46 +9994,22 @@ spec: type: object type: array secrets: - description: Storage version of v1api20230201.ManagedClusterOperatorSecrets properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -11748,80 +10017,61 @@ spec: type: object type: object type: object - originalVersion: - type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: Storage version of v1api20230201.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + 
properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -11829,19 +10079,15 @@ spec: type: string namespace: type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: 
@@ -11850,42 +10096,30 @@ spec: additionalProperties: type: string type: object + required: + - name + - namespace + - podLabels type: object type: array type: object privateLinkResources: items: - description: Storage version of v1api20230201.PrivateLinkResource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -11897,261 +10131,223 @@ spec: type: object type: array publicNetworkAccess: + enum: + - Disabled + - Enabled type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: + enum: + - Private + - Public type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object - servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + serviceMeshProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + istio: + properties: + certificateAuthority: + properties: + plugin: + properties: + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + properties: + armId: + 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + properties: + egressGateways: + items: + properties: + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + required: + - enabled + type: object + type: array + ingressGateways: + items: + properties: + enabled: + type: boolean + mode: + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + items: + type: string + maxItems: 2 + type: array type: object + mode: + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object + servicePrincipalProfile: + properties: clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource type: string required: - key - name type: object + required: + - clientId type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + enum: + - Base type: string tier: + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - 
description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object + supportPlan: + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string tags: additionalProperties: type: string type: object - windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile + upgradeSettings: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + overrideSettings: + properties: + forceUpgrade: + type: boolean + until: + type: string type: object + type: object + windowsProfile: + properties: adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key 
@@ -12162,15 +10358,7 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -12179,55 +10367,38 @@ spec: type: string type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + properties: + enabled: + type: boolean + required: + - enabled type: object type: object required: + - location - owner type: object status: - description: Storage version of v1api20230201.ManagedCluster_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -12247,15 +10418,7 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string @@ -12263,15 +10426,7 @@ spec: enabled: type: boolean identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: @@ -12283,31 +10438,17 @@ spec: type: object agentPoolProfiles: items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object availabilityZones: items: type: string type: array + capacityReservationGroupID: + type: string count: type: integer creationData: - description: Storage version of v1api20230201.CreationData_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceId: type: string type: object 
@@ -12328,15 +10469,7 @@ spec: hostGroupID: type: string kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string @@ -12365,27 +10498,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -12458,6 +10575,33 @@ spec: type: string name: type: string + networkProfile: + properties: + allowedHostPorts: + items: + properties: + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroups: + items: + type: string + type: array + nodePublicIPTags: + items: + properties: + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object nodeImageVersion: type: string nodeLabels: 
@@ -12483,15 +10627,7 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -12514,15 +10650,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + drainTimeoutInMinutes: + type: integer maxSurge: type: string type: object @@ -12535,15 +10665,7 @@ spec: type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string @@ -12558,15 +10680,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string expander: 
@@ -12603,50 +10717,20 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + nodeOSUpgradeChannel: + type: string upgradeChannel: type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: 
@@ -12658,39 +10742,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -12712,15 +10779,7 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: @@ -12731,15 +10790,7 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: @@ -12754,14 +10805,19 @@ spec: id: type: string identity: - description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS properties: - $propertyBag: + delegatedResources: additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + properties: + location: + type: string + referralResource: + type: string + resourceId: + type: string + tenantId: + type: string + type: object type: object principalId: type: string 
@@ -12771,15 +10827,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string principalId: @@ -12789,15 +10837,7 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -12809,38 +10849,14 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -12854,46 +10870,22 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: type: string - dockerBridgeCidr: - type: string ipFamilies: items: type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: type: integer + backendPoolType: + type: string effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object 
@@ -12903,67 +10895,27 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer countIPv6: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information 
that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -12973,26 +10925,10 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -13000,15 +10936,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer type: object 
@@ -13041,57 +10969,25 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean issuerURL: type: string type: object podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -13104,48 +11000,16 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string details: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string message: 
@@ -13167,15 +11031,7 @@ spec: type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: @@ -13188,15 +11044,7 @@ spec: type: array type: object powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -13204,15 +11052,7 @@ spec: type: string privateLinkResources: items: - description: Storage version of v1api20230201.PrivateLinkResource_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string id: 
@@ -13233,26 +11073,12 @@ spec: type: string publicNetworkAccess: type: string + resourceUID: + type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: 
@@ -13263,161 +11089,118 @@ spec: type: string type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object - servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + serviceMeshProfile: 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + istio: + properties: + certificateAuthority: + properties: + plugin: + properties: + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + properties: + egressGateways: + items: + properties: + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + properties: + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array type: object + mode: + type: string + type: object + servicePrincipalProfile: + properties: clientId: type: string type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS properties: - $propertyBag: - 
additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object + supportPlan: + type: string systemData: - description: Storage version of v1api20230201.SystemData_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object createdAt: type: string 
createdBy: @@ -13437,30 +11220,24 @@ spec: type: object type: type: string - windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + upgradeSettings: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + overrideSettings: + properties: + forceUpgrade: + type: boolean + until: + type: string type: object + type: object + windowsProfile: + properties: adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -13472,25 +11249,14 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + properties: enabled: type: boolean type: object 
@@ -13514,456 +11280,292 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231001 + name: v1api20231001storage schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. 
See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' 
type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' 
type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP type: string type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. 
items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -13971,550 +11573,311 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. - enum: - - AzureLinux - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' 
- enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: - description: |- - Expander: If not specified, the default is 'random'. 
See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. - enum: - - least-waste - - most-pods - - priority - - random type: string max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. 
type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' - enum: - - NodeImage - - None - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. 
Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object - required: - - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
- maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. 
type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
items: - description: Information about the user assigned identity for the resource properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -14522,228 +11885,189 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 
1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. 
It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' 
items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -14751,168 +12075,96 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. 
- maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' - enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. 
items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: + $propertyBag: + additionalProperties: + type: string + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -14920,35 +12172,26 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: + $propertyBag: + additionalProperties: + type: string + type: object oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -14956,29 +12199,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -14986,37 +12213,26 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -15024,1238 +12240,908 @@ spec: type: object type: object type: object + originalVersion: + type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' 
type: string identity: - description: 'Identity: The user assigned identity details.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' 
items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. 
When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' 
type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean nodeSelector: additionalProperties: type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' type: object - required: - - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string - maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' 
- enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object - required: - - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. 
This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean - required: - - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean - required: - - enabled type: object type: object required: - - location - owner type: object status: - description: Managed cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' 
type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. 
type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. 
type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 
1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. 
If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). 
items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. type: string max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' 
type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' 
type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -16265,815 +13151,733 @@ spec: type: object type: array currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. If kubernetesVersion was , this field will contain the full - version being used. type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' 
type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. 
type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. 
When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. 
It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. 
Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). 
type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. 
See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Pod identity assignment error (if any).' properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Details about the error.' properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' 
items: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' 
type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean nodeSelector: additionalProperties: type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' type: object type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. 
For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: + $propertyBag: + additionalProperties: + type: string + type: object createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object 
@@ -17096,54 +13900,20 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231001storage + name: v1api20240402preview schema: openAPIV3Schema: - description: |- - Storage version of v1api20231001.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231001.ManagedCluster_Spec properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -17163,99 +13933,62 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string type: object enabled: type: boolean + required: + - enabled type: object type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + artifactStreamingProfile: + properties: + enabled: + type: boolean type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData - Data used when creating a target resource from a source resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: type: boolean + enableCustomCATrust: + type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -17264,48 +13997,46 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string + gpuProfile: + properties: + installGPUDriver: + type: boolean + type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -17327,33 +14058,16 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig - Sysctl settings for Linux agent nodes. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -17399,10 +14113,16 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -17420,80 +14140,56 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: + enum: + - Gateway + - System + - User type: string name: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile - Network settings of an agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange - The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + maximum: 65535 + minimum: 1 type: integer portStart: + maximum: 65535 + minimum: 1 type: integer protocol: + enum: + - TCP + - UDP type: string type: object type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag - Contains the IPTag associated with the object. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: 
@@ -17501,30 +14197,24 @@ spec: type: object type: array type: object + nodeInitializationTaints: + items: + type: string + type: array nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -17534,77 +14224,93 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual type: string osType: + enum: + - Linux + - Windows + type: string + podIPAllocationMode: + enum: + - DynamicIndividual + - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20231001.PowerState - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + enum: + - Running + - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string + securityProfile: + properties: + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + enum: + - Disabled + - LocalUser + type: string + type: object spotMaxPrice: type: number tags: 
@@ -17612,65 +14318,104 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + maximum: 1440 + minimum: 1 type: integer maxSurge: type: string + nodeSoakDurationInMinutes: + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + scale: + properties: + autoscale: + items: + properties: + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + properties: + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object + windowsProfile: + properties: + disableOutboundNat: + type: boolean + type: object workloadRuntime: + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array + aiToolchainOperatorProfile: + properties: + enabled: + type: boolean + type: object apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string 
@@ -17681,23 +14426,30 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean + enableVnetIntegration: + type: boolean privateDNSZone: type: string + subnetId: + type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean expander: + enum: + - least-waste + - most-pods + - priority + - random type: string + ignore-daemonsets-utilization: + type: boolean max-empty-bulk-delete: type: string max-graceful-termination-sec: 
@@ -17730,137 +14482,160 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + appMonitoring: + properties: + autoInstrumentation: + properties: + enabled: + type: boolean + type: object + openTelemetryLogs: + properties: + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + properties: + enabled: + type: boolean + port: + type: integer + type: object type: object - metrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. 
+ containerInsights: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string type: object + syslogPort: + type: integer + type: object + metrics: + properties: enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object + required: + - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string + bootstrapProfile: + properties: + artifactSource: + enum: + - Cache + - Direct + type: string + containerRegistryReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object + creationData: + properties: + sourceResourceReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object dnsPrefix: type: string + enableNamespaceResources: + type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20231001.ExtendedLocation - The complex type of the extended location. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: + enum: + - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -17873,91 +14648,50 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20231001.ManagedClusterIdentity - Identity for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource - Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object tenantId: + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object type: object type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17965,157 +14699,177 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: object + ingressProfile: + properties: + webAppRouting: + properties: + dnsZoneResourceReferences: + items: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string + metricsProfile: + properties: + costAnalysis: + properties: + enabled: + type: boolean + type: object + type: object networkProfile: - description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile - Profile of network configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + advancedNetworking: + properties: + observability: + properties: + enabled: + type: boolean + type: object type: object dnsServiceIP: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: + enum: + - IPv4 + - IPv6 type: string type: array - loadBalancerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. 
+ kubeProxyConfig: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + enabled: + type: boolean + ipvsConfig: + properties: + scheduler: + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer type: object + mode: + enum: + - IPTABLES + - IPVS + type: string + type: object + loadBalancerProfile: + properties: allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer backendPoolType: + enum: + - NodeIP + - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: + enum: + - ServiceNodePort + - Shared type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -18123,109 +14877,55 @@ spec: enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 100 + minimum: 1 type: integer countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -18233,149 +14933,134 @@ spec: type: object type: object loadBalancerSku: + enum: + - basic + - standard type: string natGatewayProfile: - description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none type: string networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium + - none type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array + podLinkLocalAccess: + enum: + - IMDS + - None + type: string serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + properties: + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + properties: + mode: + enum: + - Auto + - Manual + type: string type: object nodeResourceGroup: type: string + nodeResourceGroupProfile: + properties: + restrictionLevel: + enum: + - ReadOnly + - Unrestricted + type: string + type: object oidcIssuerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20231001.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -18383,46 +15068,12 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -18431,27 +15082,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -18459,46 +15095,22 @@ spec: type: object type: array secrets: - description: Storage version of v1api20231001.ManagedClusterOperatorSecrets properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -18506,87 +15118,61 @@ spec: type: object type: object type: object - originalVersion: - type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -18594,22 +15180,15 @@ spec: type: string namespace: type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: 
@@ -18618,44 +15197,30 @@ spec: additionalProperties: type: string type: object + required: + - name + - namespace + - podLabels type: object type: array type: object privateLinkResources: items: - description: |- - Storage version of v1api20231001.PrivateLinkResource - A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -18667,194 +15232,111 @@ spec: type: object type: array publicNetworkAccess: + enum: + - Disabled + - Enabled + - SecuredByPerimeter type: string - securityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile - Security profile for the container service cluster. + safeguardsProfile: properties: - $propertyBag: - additionalProperties: + excludedNamespaces: + items: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + type: array + level: + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + type: string + required: + - level + type: object + securityProfile: + properties: azureKeyVaultKms: - description: |- - Storage version of v1api20231001.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: + enum: + - Private + - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object + customCATrustCertificates: + items: + type: string + maxItems: 10 + minItems: 0 + type: array defender: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object + imageIntegrity: + properties: + enabled: + type: boolean + type: object + nodeRestriction: + properties: + enabled: + type: boolean + type: object workloadIdentity: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20231001.ServiceMeshProfile - Service mesh profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20231001.IstioServiceMesh - Istio service mesh configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: |- - Storage version of v1api20231001.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: @@ -18862,23 +15344,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -18886,219 +15360,115 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20231001.IstioComponents - Istio components configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: |- - Storage version of v1api20231001.IstioEgressGateway - Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object + required: + - enabled type: object type: array ingressGateways: items: - description: |- - Storage version of v1api20231001.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: + enum: + - External + - Internal type: string + required: + - enabled + - mode type: object type: array type: object revisions: items: type: string + maxItems: 2 type: array type: object mode: + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: - description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object + required: + - clientId type: object sku: - description: |- - Storage version of v1api20231001.ManagedClusterSKU - The SKU of a Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + enum: + - Automatic + - Base type: string tier: + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + version: + type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object supportPlan: + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string tags: additionalProperties: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20231001.ClusterUpgradeSettings - Settings for upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20231001.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: type: boolean until: 
@@ -19106,29 +15476,12 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -19139,17 +15492,7 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20231001.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -19158,78 +15501,43 @@ spec: type: string type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + required: + - enabled type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + addonAutoscaling: + enum: + - Disabled + - Enabled + type: string enabled: type: boolean + required: + - enabled type: object type: object required: + - location - owner type: object status: - description: |- - Storage version of v1api20231001.ManagedCluster_STATUS - Managed cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string @@ -19249,17 +15557,7 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string @@ -19267,17 +15565,7 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -19289,16 +15577,11 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + artifactStreamingProfile: + properties: + enabled: + type: boolean type: object availabilityZones: items: @@ -19309,24 +15592,18 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceId: type: string type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean + enableCustomCATrust: + type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -19335,22 +15612,22 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string + gpuProfile: + properties: + installGPUDriver: + type: boolean + type: object hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string @@ -19379,31 +15656,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -19470,6 +15727,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: 
@@ -19477,30 +15736,10 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange_STATUS - The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: type: integer portStart: @@ -19515,17 +15754,7 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag_STATUS - Contains the IPTag associated with the object. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: @@ -19535,6 +15764,10 @@ spec: type: object nodeImageVersion: type: string + nodeInitializationTaints: + items: + type: string + type: array nodeLabels: additionalProperties: type: string 
@@ -19555,20 +15788,12 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -19582,6 +15807,15 @@ spec: type: string scaleSetPriority: type: string + securityProfile: + properties: + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object spotMaxPrice: type: number tags: 
@@ -19591,42 +15825,75 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: type: integer maxSurge: type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + scale: + properties: + autoscale: + items: + properties: + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + properties: + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetID: type: string + windowsProfile: + properties: + disableOutboundNat: + type: boolean + type: object workloadRuntime: type: string type: object type: array + aiToolchainOperatorProfile: + properties: + enabled: + type: boolean + type: object apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string 
@@ -19637,23 +15904,25 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean + enableVnetIntegration: + type: boolean privateDNSZone: type: string + subnetId: + type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean expander: type: string + ignore-daemonsets-utilization: + type: boolean max-empty-bulk-delete: type: string max-graceful-termination-sec: 
@@ -19686,64 +15955,55 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: type: string upgradeChannel: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + appMonitoring: + properties: + autoInstrumentation: + properties: + enabled: + type: boolean + type: object + openTelemetryLogs: + properties: + enabled: + type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + properties: + enabled: + type: boolean + port: + type: integer + type: object + type: object + containerInsights: + properties: + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer type: object metrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: 
@@ -19753,41 +16013,31 @@ spec: type: object azurePortalFQDN: type: string + bootstrapProfile: + properties: + artifactSource: + type: string + containerRegistryId: + type: string + type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime @@ -19796,6 +16046,11 @@ spec: - type type: object type: array + creationData: + properties: + sourceResourceId: + type: string + type: object currentKubernetesVersion: type: string disableLocalAccounts: 
@@ -19804,22 +16059,16 @@ spec: type: string dnsPrefix: type: string + eTag: + type: string + enableNamespaceResources: + type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20231001.ExtendedLocation_STATUS - The complex type of the extended location. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: @@ -19830,17 +16079,11 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: - $propertyBag: - additionalProperties: + effectiveNoProxy: + items: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + type: array httpProxy: type: string httpsProxy: 
@@ -19855,30 +16098,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20231001.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: @@ -19897,15 +16120,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string principalId: @@ -19915,17 +16130,7 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -19934,47 +16139,40 @@ spec: type: string type: object type: object + ingressProfile: + properties: + webAppRouting: + properties: + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + properties: + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -19985,19 +16183,25 @@ spec: type: string maxAgentPools: type: integer + metricsProfile: + properties: + costAnalysis: + properties: + enabled: + type: boolean + type: object + type: object name: type: string networkProfile: - description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + advancedNetworking: + properties: + observability: + properties: + enabled: + type: boolean + type: object type: object dnsServiceIP: type: string 
@@ -20005,35 +16209,35 @@ spec: items: type: string type: array - loadBalancerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. + kubeProxyConfig: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + enabled: + type: boolean + ipvsConfig: + properties: + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer type: object + mode: + type: string + type: object + loadBalancerProfile: + properties: allocatedOutboundPorts: type: integer backendPoolType: type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object 
@@ -20043,71 +16247,27 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer countIPv6: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -20117,30 +16277,10 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -20148,17 +16288,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer type: object 
@@ -20181,76 +16311,52 @@ spec: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + properties: + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + properties: + mode: + type: string type: object nodeResourceGroup: type: string + nodeResourceGroupProfile: + properties: + restrictionLevel: + type: string + type: object oidcIssuerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean issuerURL: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -20263,52 +16369,16 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string details: items: - description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string message: 
@@ -20330,18 +16400,7 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: @@ -20354,17 +16413,7 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -20372,17 +16421,7 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20231001.PrivateLinkResource_STATUS - A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string id: 
@@ -20405,30 +16444,25 @@ spec: type: string resourceUID: type: string - securityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. + safeguardsProfile: properties: - $propertyBag: - additionalProperties: + excludedNamespaces: + items: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object + securityProfile: + properties: azureKeyVaultKms: - description: |- - Storage version of v1api20231001.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: 
@@ -20438,119 +16472,51 @@ spec: keyVaultResourceId: type: string type: object + customCATrustCertificates: + items: + type: string + type: array defender: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object + imageIntegrity: + properties: + enabled: + type: boolean + type: object + nodeRestriction: + properties: + enabled: + type: boolean + type: object workloadIdentity: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20231001.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20231001.IstioServiceMesh_STATUS - Istio service mesh configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: |- - Storage version of v1api20231001.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: 
@@ -20564,52 +16530,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20231001.IstioComponents_STATUS - Istio components configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: |- - Storage version of v1api20231001.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: items: - description: |- - Storage version of v1api20231001.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: 
@@ -20626,106 +16557,38 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20231001.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object storageProfile: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + version: + type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object 
@@ -20733,17 +16596,7 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20231001.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object createdAt: type: string createdBy: @@ -20764,29 +16617,9 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20231001.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: type: boolean until: 
@@ -20794,33 +16627,13 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20231001.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -20832,44 +16645,16 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + addonAutoscaling: + type: string enabled: type: boolean type: object 
@@ -20893,31 +16678,28 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102preview + name: v1api20240402previewstorage schema: openAPIV3Schema: properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: items: type: string @@ -20938,21 +16720,31 @@ spec: addonProfiles: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string type: object enabled: type: boolean - required: - - enabled type: object type: object agentPoolProfiles: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object artifactStreamingProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object 
@@ -20961,47 +16753,35 @@ spec: type: string type: array capacityReservationGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -21017,47 +16797,49 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string gpuProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object installGPUDriver: type: boolean type: object hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: - minimum: 2 type: integer containerLogMaxSizeMB: type: integer 
@@ -21079,16 +16861,21 @@ spec: type: string type: object kubeletDiskType: - enum: - - OS - - Temporary type: string linuxOSConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: type: integer sysctls: properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: type: integer fsFileMax: @@ -21134,16 +16921,10 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -21166,58 +16947,51 @@ spec: minCount: type: integer mode: - enum: - - System - - User type: string name: - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - maximum: 65535 - minimum: 1 type: integer portStart: - maximum: 65535 - minimum: 1 type: integer protocol: - enum: - - TCP - - UDP type: string type: object type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: type: string tag: 
@@ -21234,23 +17008,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -21260,102 +17026,65 @@ spec: orchestratorVersion: type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - enum: - - Ephemeral - - Managed type: string osSKU: - enum: - - AzureLinux - - CBLMariner - - Mariner - - Ubuntu - - Windows2019 - - Windows2022 - - WindowsAnnual type: string osType: - enum: - - Linux - - Windows + type: string + podIPAllocationMode: type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - enum: - - Running - - Stopped type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete type: string scaleSetPriority: - enum: - - Regular - - Spot type: string securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: type: boolean enableVTPM: type: boolean sshAccess: - enum: - - Disabled - - LocalUser type: string type: object spotMaxPrice: @@ -21365,27 +17094,29 @@ spec: type: string type: object type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - maximum: 1440 - minimum: 1 type: integer maxSurge: type: string nodeSoakDurationInMinutes: - maximum: 30 - minimum: 0 type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer size: 
@@ -21394,14 +17125,41 @@ spec: type: array virtualMachinesProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object scale: properties: + $propertyBag: + additionalProperties: + type: string + type: object + autoscale: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - maximum: 1000 - minimum: 0 type: integer sizes: items: 
@@ -21414,47 +17172,45 @@ spec: vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: type: boolean type: object workloadRuntime: - enum: - - KataMshvVmIsolation - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array aiToolchainOperatorProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object apiServerAccessProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: items: type: string @@ -21474,6 +17230,10 @@ spec: type: object autoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: 
@@ -21481,11 +17241,6 @@ spec: daemonset-eviction-for-occupied-nodes: type: boolean expander: - enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: type: boolean 
@@ -21522,133 +17277,161 @@ spec: type: object autoUpgradeProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: properties: - logs: + $propertyBag: + additionalProperties: + type: string + type: object + appMonitoring: properties: - appMonitoring: + $propertyBag: + additionalProperties: + type: string + type: object + autoInstrumentation: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object - containerInsights: + openTelemetryLogs: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - windowsHostLogs: - properties: - enabled: - type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + properties: + $propertyBag: + additionalProperties: + type: string type: object + enabled: + type: boolean + port: + type: integer type: object type: object - metrics: + containerInsights: properties: - appMonitoringOpenTelemetryMetrics: + $propertyBag: + additionalProperties: + type: string + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: properties: - enabled: - type: boolean + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + syslogPort: + type: integer + type: object + metrics: + properties: + $propertyBag: + additionalProperties: + type: string type: object enabled: type: boolean kubeStateMetrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object - required: - - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
- maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string + bootstrapProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + artifactSource: + type: string + containerRegistryReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -21661,17 +17444,23 @@ spec: type: boolean extendedLocation: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string type: - enum: - - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: type: string httpsProxy: 
@@ -21685,65 +17474,56 @@ spec: type: object identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object location: type: string referralResource: type: string resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object type: object type: - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -21752,55 +17532,71 @@ spec: identityProfile: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: object ingressProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array 
@@ -21808,63 +17604,98 @@ spec: type: boolean type: object type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: type: string metricsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object + advancedNetworking: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + observability: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object dnsServiceIP: - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: - enum: - - IPv4 - - IPv6 type: string type: array kubeProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean ipvsConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object scheduler: - enum: - - LeastConnection - - RoundRobin type: string tcpFinTimeoutSeconds: type: integer 
@@ -21874,43 +17705,37 @@ spec: type: integer type: object mode: - enum: - - IPTABLES - - IPVS type: string type: object loadBalancerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - maximum: 64000 - minimum: 0 type: integer backendPoolType: - enum: - - NodeIP - - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: type: string effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -21918,43 +17743,41 @@ spec: enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - maximum: 100 - minimum: 1 type: integer countIPv6: - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -21962,27 +17785,27 @@ spec: type: object outboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -21990,155 +17813,125 @@ spec: type: object type: object loadBalancerSku: - enum: - - basic - - standard type: string - monitoring: - properties: - enabled: - type: boolean - type: object natGatewayProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - enum: - - azure - - cilium type: string networkMode: - enum: - - bridge - - transparent type: string networkPlugin: - enum: - - azure - - kubenet - - none type: string networkPluginMode: - enum: - - overlay type: string networkPolicy: - enum: - - azure - - calico - - cilium - - none type: string outboundType: - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object type: object nodeProvisioningProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object mode: - enum: - - Auto - - Manual type: string type: object nodeResourceGroup: type: string nodeResourceGroupProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: - enum: - - ReadOnly - - Unrestricted type: string type: object oidcIssuerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not - passed directly to Azure properties: + $propertyBag: + additionalProperties: + type: string + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -22146,20 +17939,16 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: + $propertyBag: + additionalProperties: + type: string + type: object oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key @@ -22167,29 +17956,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -22197,37 +17970,26 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -22235,21 +17997,22 @@ spec: type: object type: object type: object + originalVersion: + type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: type: boolean enabled: 
@@ -22257,32 +18020,52 @@ spec: userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -22290,15 +18073,15 @@ spec: type: string namespace: type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string namespace: 
@@ -22307,38 +18090,30 @@ spec: additionalProperties: type: string type: object - required: - - name - - namespace - - podLabels type: object type: array type: object privateLinkResources: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -22350,98 +18125,91 @@ spec: type: object type: array publicNetworkAccess: - enum: - - Disabled - - Enabled - - SecuredByPerimeter type: string safeguardsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object excludedNamespaces: items: type: string type: array level: - enum: - - Enforcement - - "Off" - - Warning type: string version: type: string - required: - - level type: object securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: - enum: - - Private - - Public type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object customCATrustCertificates: items: type: string - maxItems: 10 - minItems: 0 type: array defender: properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object imageCleaner: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean intervalHours: 
@@ -22449,28 +18217,56 @@ spec: type: object imageIntegrity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object nodeRestriction: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object workloadIdentity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object serviceMeshProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: type: string certObjectName: @@ -22478,23 +18274,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -22503,95 +18291,94 @@ spec: type: object components: properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: items: properties: - enabled: - type: boolean - nodeSelector: + $propertyBag: additionalProperties: type: string type: object - required: - - enabled + enabled: + type: boolean type: object type: array ingressGateways: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean mode: - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: items: type: string - maxItems: 2 type: array type: object mode: - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object - required: - - clientId type: object sku: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - enum: - - Base type: string tier: - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object diskCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean version: 
@@ -22599,19 +18386,24 @@ spec: type: object fileCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object snapshotController: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object supportPlan: - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string tags: additionalProperties: @@ -22619,8 +18411,16 @@ spec: type: object upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: type: boolean until: @@ -22629,18 +18429,15 @@ spec: type: object windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -22652,6 +18449,10 @@ spec: type: boolean gmsaProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: type: string enabled: 
@@ -22660,43 +18461,50 @@ spec: type: string type: object licenseType: - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean - required: - - enabled type: object verticalPodAutoscaler: properties: + $propertyBag: + additionalProperties: + type: string + type: object addonAutoscaling: - enum: - - Disabled - - Enabled type: string enabled: type: boolean - required: - - enabled type: object type: object required: - - location - owner type: object status: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: items: type: string @@ -22717,6 +18525,10 @@ spec: addonProfiles: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string @@ -22725,6 +18537,10 @@ spec: type: boolean identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: @@ -22737,8 +18553,16 @@ spec: agentPoolProfiles: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object artifactStreamingProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object @@ -22752,11 +18576,17 @@ spec: type: integer creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: type: string type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean enableCustomCATrust: 
@@ -22769,10 +18599,23 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object installGPUDriver: type: boolean type: object @@ -22780,6 +18623,10 @@ spec: type: string kubeletConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: items: type: string @@ -22809,10 +18656,18 @@ spec: type: string linuxOSConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: type: integer sysctls: properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: type: integer fsFileMax: @@ -22889,9 +18744,17 @@ spec: type: string networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: type: integer portStart: @@ -22907,6 +18770,10 @@ spec: nodePublicIPTags: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: type: string tag: @@ -22940,10 +18807,16 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string type: object @@ -22959,6 +18832,10 @@ spec: type: string securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: type: boolean enableVTPM: 
@@ -22976,16 +18853,26 @@ spec: type: string upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: type: integer maxSurge: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer size: @@ -22994,11 +18881,40 @@ spec: type: array virtualMachinesProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object scale: properties: + $propertyBag: + additionalProperties: + type: string + type: object + autoscale: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer sizes: @@ -23015,6 +18931,10 @@ spec: type: string windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: type: boolean type: object @@ -23024,11 +18944,19 @@ spec: type: array aiToolchainOperatorProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object apiServerAccessProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: items: type: string @@ -23048,6 +18976,10 @@ spec: type: object autoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: @@ -23091,6 +19023,10 @@ spec: type: object autoUpgradeProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: type: string upgradeChannel: 
@@ -23098,37 +19034,79 @@ spec: type: object azureMonitorProfile: properties: - logs: + $propertyBag: + additionalProperties: + type: string + type: object + appMonitoring: properties: - appMonitoring: + $propertyBag: + additionalProperties: + type: string + type: object + autoInstrumentation: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object - containerInsights: + openTelemetryLogs: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean - logAnalyticsWorkspaceResourceId: - type: string - windowsHostLogs: - properties: - enabled: - type: boolean + port: + type: integer + type: object + openTelemetryMetrics: + properties: + $propertyBag: + additionalProperties: + type: string type: object + enabled: + type: boolean + port: + type: integer type: object type: object + containerInsights: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer + type: object metrics: properties: - appMonitoringOpenTelemetryMetrics: - properties: - enabled: - type: boolean + $propertyBag: + additionalProperties: + type: string type: object enabled: type: boolean kubeStateMetrics: properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: 
@@ -23138,42 +19116,35 @@ spec: type: object azurePortalFQDN: type: string + bootstrapProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + artifactSource: + type: string + containerRegistryId: + type: string + type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -23184,6 +19155,10 @@ spec: type: array creationData: properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: type: string type: object @@ -23195,6 +19170,8 @@ spec: type: string dnsPrefix: type: string + eTag: + type: string enableNamespaceResources: type: boolean enablePodSecurityPolicy: @@ -23203,6 +19180,10 @@ spec: type: boolean extendedLocation: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string type: @@ -23214,6 +19195,10 @@ spec: type: string httpProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveNoProxy: items: type: string @@ -23233,9 +19218,17 @@ spec: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object location: type: string referralResource: @@ -23255,6 +19248,10 @@ spec: userAssignedIdentities: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string principalId: @@ -23265,6 +19262,10 @@ spec: identityProfile: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: @@ -23275,8 +19276,16 @@ spec: type: object ingressProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceIds: items: type: string @@ -23285,6 +19294,10 @@ spec: type: boolean identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: 
@@ -23294,17 +19307,31 @@ spec: type: object type: object type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: type: string ssh: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: type: string type: object @@ -23317,8 +19344,16 @@ spec: type: integer metricsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object @@ -23327,6 +19362,26 @@ spec: type: string networkProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object + advancedNetworking: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + observability: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object dnsServiceIP: type: string ipFamilies: @@ -23335,10 +19390,18 @@ spec: type: array kubeProxyConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean ipvsConfig: properties: + $propertyBag: + additionalProperties: + type: string + type: object scheduler: type: string tcpFinTimeoutSeconds: @@ -23353,13 +19416,23 @@ spec: type: object loadBalancerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: type: integer backendPoolType: type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object 
@@ -23370,6 +19443,10 @@ spec: type: integer managedOutboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer countIPv6: @@ -23377,9 +19454,17 @@ spec: type: object outboundIPPrefixes: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -23387,9 +19472,17 @@ spec: type: object outboundIPs: properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -23398,16 +19491,19 @@ spec: type: object loadBalancerSku: type: string - monitoring: - properties: - enabled: - type: boolean - type: object natGatewayProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object id: type: string type: object @@ -23416,6 +19512,10 @@ spec: type: integer managedOutboundIPProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object count: type: integer type: object @@ -23438,15 +19538,30 @@ spec: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object type: object nodeProvisioningProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object mode: type: string type: object 
@@ -23454,11 +19569,19 @@ spec: type: string nodeResourceGroupProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: type: string type: object oidcIssuerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean issuerURL: @@ -23466,6 +19589,10 @@ spec: type: object podIdentityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: type: boolean enabled: @@ -23473,10 +19600,18 @@ spec: userAssignedIdentities: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: type: string identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string objectId: @@ -23490,15 +19625,31 @@ spec: type: string provisioningInfo: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string details: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string message: @@ -23521,6 +19672,10 @@ spec: userAssignedIdentityExceptions: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string namespace: @@ -23534,6 +19689,10 @@ spec: type: object powerState: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: type: string type: object @@ -23542,6 +19701,10 @@ spec: privateLinkResources: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: type: string id: 
@@ -23566,6 +19729,10 @@ spec: type: string safeguardsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object excludedNamespaces: items: type: string @@ -23581,8 +19748,16 @@ spec: type: object securityProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean keyId: @@ -23598,16 +19773,28 @@ spec: type: array defender: properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object imageCleaner: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean intervalHours: @@ -23615,28 +19802,56 @@ spec: type: object imageIntegrity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object nodeRestriction: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object workloadIdentity: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object type: object serviceMeshProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: type: string certObjectName: 
@@ -23651,20 +19866,28 @@ spec: type: object components: properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: items: properties: - enabled: - type: boolean - nodeSelector: + $propertyBag: additionalProperties: type: string type: object + enabled: + type: boolean type: object type: array ingressGateways: items: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean mode: @@ -23682,11 +19905,19 @@ spec: type: object servicePrincipalProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: type: string type: object sku: properties: + $propertyBag: + additionalProperties: + type: string + type: object name: type: string tier: @@ -23694,13 +19925,25 @@ spec: type: object storageProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object diskCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean version: @@ -23708,11 +19951,19 @@ spec: type: object fileCSIDriver: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object snapshotController: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object @@ -23721,6 +19972,10 @@ spec: type: string systemData: properties: + $propertyBag: + additionalProperties: + type: string + type: object createdAt: type: string createdBy: @@ -23742,8 +19997,16 @@ spec: type: string upgradeSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: type: boolean until: 
@@ -23752,12 +20015,20 @@ spec: type: object windowsProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: type: string enabled: @@ -23770,13 +20041,25 @@ spec: type: object workloadAutoScalerProfile: properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: type: boolean type: object verticalPodAutoscaler: properties: + $propertyBag: + additionalProperties: + type: string + type: object addonAutoscaling: type: string enabled: 
@@ -23802,48 +20085,20 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102previewstorage + name: v1api20240901 schema: openAPIV3Schema: - description: Storage version of v1api20231102preview.ManagedCluster properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231102preview.ManagedCluster_Spec properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20231102preview.ManagedClusterAADProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -23863,108 +20118,55 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterAddonProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string type: object enabled: type: boolean + required: + - enabled type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -23974,55 +20176,33 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string - gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -24044,29 +20224,16 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -24112,10 +20279,16 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -24133,76 +20306,53 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: + enum: + - System + - User type: string name: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + maximum: 65535 + minimum: 1 type: integer portStart: + maximum: 65535 + minimum: 1 type: integer protocol: + enum: + - TCP + - UDP type: string type: object type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: @@ -24210,32 +20360,20 @@ spec: type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -24245,88 +20383,80 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 type: string osType: + enum: + - Linux + - Windows type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: Storage version of v1api20231102preview.PowerState properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + enum: + - Running + - Stopped type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number 
@@ -24335,144 +20465,53 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + maximum: 1440 + minimum: 1 type: integer maxSurge: type: string nodeSoakDurationInMinutes: + maximum: 30 + minimum: 0 type: integer type: object - virtualMachineNodesStatus: - items: - description: Storage version of v1api20231102preview.VirtualMachineNodes - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: Storage version of v1api20231102preview.ScaleProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - manual: - items: - description: Storage version of v1api20231102preview.ManualScaleProfile - 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object - type: object vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: type: boolean type: object workloadRuntime: + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array - aiToolchainOperatorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object apiServerAccessProfile: - description: Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string 
@@ -24483,23 +20522,11 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean - enableVnetIntegration: - type: boolean privateDNSZone: type: string - subnetId: - type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: @@ -24507,6 +20534,11 @@ spec: daemonset-eviction-for-occupied-nodes: type: boolean expander: + enum: + - least-waste + - most-pods + - priority + - random type: string ignore-daemonsets-utilization: type: boolean 
@@ -24542,235 +20574,78 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - containerInsights: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights - 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - windowsHostLogs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object metrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoringOpenTelemetryMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object + required: + - enabled type: object type: object azureName: - description: |- - AzureName: The name of the 
resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - creationData: - description: Storage version of v1api20231102preview.CreationData - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object dnsPrefix: type: string - enableNamespaceResources: - type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20231102preview.ExtendedLocation properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: + enum: + - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -24783,85 +20658,50 @@ spec: type: string type: object identity: - description: Storage version of v1api20231102preview.ManagedClusterIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: Storage version of v1api20231102preview.DelegatedResource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: type: string resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object tenantId: + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object type: object type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: items: - description: Storage version of v1api20231102preview.UserAssignedIdentityDetails properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -24869,80 +20709,60 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20231102preview.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: object ingressProfile: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array 
@@ -24953,163 +20773,89 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20231102preview.ContainerServiceLinuxProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: Storage version of v1api20231102preview.ContainerServiceSshConfiguration properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20231102preview.ContainerServiceSshPublicKey properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string metricsProfile: - description: Storage version of v1api20231102preview.ManagedClusterMetricsProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: Storage version of v1api20231102preview.ManagedClusterCostAnalysis properties: - $propertyBag: - additionalProperties: - type: string - 
description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object networkProfile: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + advancedNetworking: + properties: + enabled: + type: boolean + observability: + properties: + enabled: + type: boolean + type: object + security: + properties: + enabled: + type: boolean + type: object type: object dnsServiceIP: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: + enum: + - IPv4 + - IPv6 type: string type: array - kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - 
udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object loadBalancerProfile: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer backendPoolType: + enum: + - NodeIP + - NodeIPConfiguration type: string effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -25117,105 +20863,55 @@ spec: enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 100 + minimum: 1 type: integer countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20231102preview.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20231102preview.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -25223,180 +20919,115 @@ spec: type: object type: object loadBalancerSku: + enum: + - basic + - standard type: string - monitoring: - description: Storage version of v1api20231102preview.NetworkMonitoring - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: - description: Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: - description: Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none type: string networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium + - none type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: type: string type: array type: object - nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that 
used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object nodeResourceGroup: type: string nodeResourceGroupProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: + enum: + - ReadOnly + - Unrestricted type: string type: object oidcIssuerProfile: - description: Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20231102preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -25404,28 +21035,12 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -25434,27 +21049,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -25462,46 +21062,22 @@ spec: type: object type: array secrets: - description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -25509,80 +21085,61 @@ spec: type: object type: object type: object - originalVersion: - type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + 
clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -25590,19 +21147,15 @@ spec: type: string namespace: type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityException properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: 
@@ -25611,42 +21164,30 @@ spec: additionalProperties: type: string type: object - type: object - type: array + required: + - name + - namespace + - podLabels + type: object + type: array type: object privateLinkResources: items: - description: Storage version of v1api20231102preview.PrivateLinkResource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -25658,216 +21199,77 @@ spec: type: object type: array publicNetworkAccess: + enum: + - Disabled + - Enabled type: string - safeguardsProfile: - description: Storage version of v1api20231102preview.SafeguardsProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - version: - type: string - type: object securityProfile: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20231102preview.AzureKeyVaultKms properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: + enum: + - Private + - Public type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - customCATrustCertificates: - items: - type: string - type: array defender: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object - imageIntegrity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: Storage version of 
v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: Storage version of v1api20231102preview.ServiceMeshProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: Storage version of v1api20231102preview.IstioServiceMesh properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: Storage version of v1api20231102preview.IstioCertificateAuthority properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: Storage version of v1api20231102preview.IstioPluginCertificateAuthority properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: 
@@ -25875,23 +21277,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -25899,196 +21293,112 @@ spec: type: object type: object components: - description: Storage version of v1api20231102preview.IstioComponents properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: Storage version of v1api20231102preview.IstioEgressGateway properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object + required: + - enabled type: object type: array ingressGateways: items: - description: Storage version of v1api20231102preview.IstioIngressGateway properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: + enum: + - External + - Internal type: string + required: + - enabled + - mode type: object type: array type: object revisions: items: type: string + maxItems: 2 type: array type: object mode: + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: - description: Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip 
conversions - type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object + required: + - clientId type: object sku: - description: Storage version of v1api20231102preview.ManagedClusterSKU properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + enum: + - Base type: string tier: + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - description: |- - 
PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object supportPlan: + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string tags: additionalProperties: type: string type: object upgradeSettings: - description: Storage version of v1api20231102preview.ClusterUpgradeSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: Storage version of v1api20231102preview.UpgradeOverrideSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions 
- type: object forceUpgrade: type: boolean until: @@ -26096,27 +21406,12 @@ spec: type: object type: object windowsProfile: - description: Storage version of v1api20231102preview.ManagedClusterWindowsProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -26127,15 +21422,7 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20231102preview.WindowsGmsaProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -26144,70 +21431,38 @@ spec: type: string type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + required: + - enabled type: object verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: type: boolean + required: + - enabled type: object type: object required: + - location - owner type: object status: - description: Storage version of v1api20231102preview.ManagedCluster_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of 
v1api20231102preview.ManagedClusterAADProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string @@ -26227,15 +21482,7 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string @@ -26243,15 +21490,7 @@ spec: enabled: type: boolean identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -26263,28 +21502,7 @@ spec: type: object agentPoolProfiles: items: - description: Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string @@ -26294,24 +21512,16 @@ spec: count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceId: type: string type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -26322,31 +21532,10 @@ spec: type: boolean gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupID: type: string kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string @@ -26375,27 +21564,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -26462,8 +21635,6 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: 
@@ -26471,26 +21642,10 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: type: integer portStart: @@ -26505,15 +21660,7 @@ spec: type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: @@ -26523,10 +21670,6 @@ spec: type: object nodeImageVersion: type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string @@ -26550,15 +21693,7 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object 
@@ -26573,21 +21708,11 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number @@ -26598,15 +21723,7 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: type: integer maxSurge: 
@@ -26614,78 +21731,12 @@ spec: nodeSoakDurationInMinutes: type: integer type: object - virtualMachineNodesStatus: - items: - description: Storage version of v1api20231102preview.VirtualMachineNodes_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: Storage version of v1api20231102preview.ScaleProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - manual: - items: - description: Storage version of v1api20231102preview.ManualScaleProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object - type: object vmSize: type: string vnetSubnetID: type: string windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS properties: - 
$propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: type: boolean type: object @@ -26693,29 +21744,8 @@ spec: type: string type: object type: array - aiToolchainOperatorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object apiServerAccessProfile: - description: Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string @@ -26726,23 +21756,11 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean - enableVnetIntegration: - type: boolean privateDNSZone: type: string - subnetId: - type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: 
@@ -26785,117 +21803,20 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: type: string upgradeChannel: type: string type: object azureMonitorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - containerInsights: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag 
is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - windowsHostLogs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object metrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoringOpenTelemetryMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for 
full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: @@ -26907,39 +21828,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -26948,19 +21852,6 @@ spec: - type type: object type: array - creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object currentKubernetesVersion: type: string disableLocalAccounts: @@ -26969,22 +21860,14 @@ spec: type: string dnsPrefix: type: string - enableNamespaceResources: - type: boolean + eTag: + type: string enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20231102preview.ExtendedLocation_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: @@ -26995,19 +21878,7 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveNoProxy: - items: - type: string - type: array httpProxy: type: string httpsProxy: 
@@ -27022,26 +21893,10 @@ spec: id: type: string identity: - description: Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: Storage version of v1api20231102preview.DelegatedResource_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: @@ -27060,15 +21915,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string principalId: @@ -27078,15 +21925,7 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -27096,25 +21935,9 @@ spec: type: object type: object ingressProfile: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsZoneResourceIds: items: type: string @@ -27122,15 +21945,7 @@ spec: enabled: type: boolean identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -27143,38 +21958,14 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -27186,25 +21977,9 @@ spec: maxAgentPools: type: integer metricsProfile: - description: Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object @@ -27212,14 +21987,21 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + advancedNetworking: + properties: + enabled: + type: boolean + observability: + properties: + enabled: + type: boolean + type: object + security: + properties: + enabled: + type: boolean + type: object type: object dnsServiceIP: type: string 
@@ -27227,65 +22009,15 @@ spec: items: type: string type: array - kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + loadBalancerProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object - loadBalancerProfile: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: type: integer backendPoolType: type: string effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: 
string type: object 
@@ -27295,67 +22027,27 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer countIPv6: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an 
unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -27364,40 +22056,11 @@ spec: type: object loadBalancerSku: type: string - monitoring: - description: Storage version of v1api20231102preview.NetworkMonitoring_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: - description: Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object 
@@ -27405,15 +22068,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer type: object 
@@ -27443,86 +22098,33 @@ spec: type: string type: array type: object - nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object nodeResourceGroup: type: string nodeResourceGroupProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean issuerURL: type: string type: object podIdentityProfile: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: Storage version of 
v1api20231102preview.ManagedClusterPodIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -27535,48 +22137,16 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string details: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string message: 
@@ -27598,15 +22168,7 @@ spec: type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: @@ -27619,15 +22181,7 @@ spec: type: array type: object powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -27635,15 +22189,7 @@ spec: type: string privateLinkResources: items: - description: Storage version of v1api20231102preview.PrivateLinkResource_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string id: 
@@ -27666,49 +22212,10 @@ spec: type: string resourceUID: type: string - safeguardsProfile: - description: Storage version of v1api20231102preview.SafeguardsProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object securityProfile: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: 
@@ -27718,131 +22225,37 @@ spec: keyVaultResourceId: type: string type: object - customCATrustCertificates: - items: - type: string - type: array defender: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object - imageIntegrity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: Storage 
version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: Storage version of v1api20231102preview.ServiceMeshProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: Storage version of v1api20231102preview.IstioServiceMesh_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object 
plugin: - description: Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: @@ -27856,45 +22269,17 @@ spec: type: object type: object components: - description: Storage version of v1api20231102preview.IstioComponents_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: Storage version of v1api20231102preview.IstioEgressGateway_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: items: - description: Storage version of v1api20231102preview.IstioIngressGateway_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: 
@@ -27911,94 +22296,36 @@ spec: type: string type: object servicePrincipalProfile: - description: Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string type: object sku: - description: Storage version of v1api20231102preview.ManagedClusterSKU_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object storageProfile: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that 
used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object @@ -28006,15 +22333,7 @@ spec: supportPlan: type: string systemData: - description: Storage version of v1api20231102preview.SystemData_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object createdAt: type: string createdBy: 
@@ -28035,25 +22354,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: type: boolean until: @@ -28061,29 +22364,13 @@ spec: type: object type: object windowsProfile: - description: Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -28095,40 +22382,14 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: type: boolean type: object 
@@ -28152,1357 +22413,632 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402preview + name: v1api20240901storage schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean + $propertyBag: + additionalProperties: + type: string type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. 
items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - maximum: 31 - minimum: 28 - type: integer - type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. 
- type: boolean - type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' 
type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' 
type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' 
type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - Gateway - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. 
It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP type: string type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' 
type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. - enum: - - AzureLinux - - CBLMariner - - Mariner - - Ubuntu - - Windows2019 - - Windows2022 - - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' 
- enum: - - Linux - - Windows - type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - enum: - - DynamicIndividual - - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - enum: - - Disabled - - LocalUser - type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. 
'5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - maximum: 30 - minimum: 0 type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - enum: - - Cordon - - Schedule - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. 
- properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - KataMshvVmIsolation - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array - aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' - properties: - enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' 
- type: boolean - type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. - type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. 
type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: - balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' - type: string + $propertyBag: + additionalProperties: + type: string + type: object + balance-similar-node-groups: + type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' - enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. 
type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' 
type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' 
- type: boolean - type: object - openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' - type: integer - type: object - openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' - type: integer - type: object - type: object - containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. 
No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean - enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' - type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
- type: integer + $propertyBag: + additionalProperties: + type: string type: object metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. type: string type: object - required: - - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' - properties: - artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' - enum: - - Cache - - Direct - type: string - containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. 
This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' 
type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
items: - description: Information about the user assigned identity for the resource properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -29510,338 +23046,262 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only - when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS - zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' type: boolean type: object type: object - kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' - type: string kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. 
Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + security: + properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - description: To determine if address belongs IPv4 or IPv6 family. 
- enum: - - IPv4 - - IPv6 type: string type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - enum: - - LeastConnection - - RoundRobin - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - enum: - - IPTABLES - - IPVS - type: string - type: object loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. 
Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration - type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' - enum: - - ServiceNodePort - - Shared type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' 
type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -29849,207 +23309,105 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. 
- maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' - enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium - - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - none - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. - enum: - - IMDS - - None - type: string serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array - staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. - properties: - enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' - properties: - mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' - enum: - - Auto - - Manual - type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - enum: - - ReadOnly - - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: + $propertyBag: + additionalProperties: + type: string + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -30057,20 +23415,16 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: + $propertyBag: + additionalProperties: + type: string + type: object oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -30078,29 +23432,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -30108,37 +23446,26 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -30146,1564 +23473,934 @@ spec: type: object type: object type: object + originalVersion: + type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' 
type: string identity: - description: 'Identity: The user assigned identity details.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' 
items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled - - SecuredByPerimeter type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: - type: string - type: array - level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - enum: - - Enforcement - - "Off" - - Warning - type: string - version: - description: 'Version: The version of constraints to use' - type: string - required: - - level - type: object securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. 
When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. 
For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - maxItems: 10 - minItems: 0 - type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' - type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' 
type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: - egressGateways: - description: 'EgressGateways: Istio egress gateways.' - items: - description: Istio egress gateway configuration. + $propertyBag: + additionalProperties: + type: string + type: object + egressGateways: + items: properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean - required: - - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string - maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object - required: - - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Automatic - - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' 
- type: string type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. 
type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. 
- Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean - required: - - enabled type: object verticalPodAutoscaler: properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' - enum: - - Disabled - - Enabled - type: string + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean - required: - - enabled type: object type: object required: - - location - owner type: object status: - description: Managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean + $propertyBag: + additionalProperties: + type: string type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' 
type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - type: integer - type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
- For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' 
type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' 
type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. 
These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' 
type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' 
type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' 
- type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array - aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' - properties: - enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' - type: boolean - type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). 
items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. - type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. 
type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. 
No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' - type: boolean - type: object - openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' - type: integer - type: object - openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. 
See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' - type: integer - type: object - type: object - containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean - enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' - type: boolean - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure - Monitor Container Insights Logs. - type: string - syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
- type: integer + $propertyBag: + additionalProperties: + type: string type: object metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. type: string - bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' - properties: - artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' - type: string - containerRegistryId: - description: |- - ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium - SKU and zone redundancy. 
- type: string - type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -31712,1019 +24409,817 @@ spec: - type type: object type: array - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string - type: object currentKubernetesVersion: - description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. 
- type: boolean enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - effectiveNoProxy: - description: |- - EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a - superset of noProxy and values injected by AKS. - items: + $propertyBag: + additionalProperties: type: string - type: array + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. 
- "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client id of user assigned identity.' 
type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web - App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must - be in the same resource group and all private DNS zones must be in the same resource group. items: type: string type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' type: boolean identity: - description: |- - Identity: Managed identity of the Web Application Routing add-on. 
This is the identity that should be granted - permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See - [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more - instructions. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object type: object type: object - kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' - type: string kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + security: + properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - description: To determine if address belongs IPv4 or IPv6 family. type: string type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' 
- properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - type: string - type: object loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' 
type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' 
items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' 
type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. - type: string serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array - staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. - properties: - enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' 
- type: boolean - type: object - type: object - nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' - properties: - mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' - type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' 
type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Pod identity assignment error (if any).' properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Details about the error.' properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' items: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' 
type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' 
items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: - type: string - type: array - level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - type: string - systemExcludedNamespaces: - description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' - items: - type: string - type: array - version: - description: 'Version: The version of constraints to use' - type: string - type: object securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. 
For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' 
- type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' 
type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: + $propertyBag: + additionalProperties: + type: string + type: object createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. 
Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' 
type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' - type: string + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean type: object type: object 
@@ -32747,54 +25242,20 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402previewstorage + name: v1api20250801 schema: openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240402preview.ManagedCluster_Spec properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -32814,114 +25275,55 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string type: object enabled: type: boolean + required: + - enabled type: object type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -32931,75 +25333,48 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixSize: + maximum: 31 + minimum: 28 type: integer type: object gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean + driver: + enum: + - Install + - None + type: string type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer 
@@ -33021,33 +25396,16 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -33093,10 +25451,16 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -33119,77 +25483,51 @@ spec: minCount: type: integer mode: + enum: + - Gateway + - System + - User type: string name: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + maximum: 65535 + minimum: 1 type: integer portStart: + maximum: 65535 + minimum: 1 type: integer protocol: + enum: + - TCP + - UDP type: string type: object type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: @@ -33197,34 +25535,20 @@ spec: type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -33234,96 +25558,91 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - AzureLinux + - AzureLinux3 + - CBLMariner + - Ubuntu + - Ubuntu2204 + - Windows2019 + - Windows2022 type: string osType: + enum: + - Linux + - Windows type: string podIPAllocationMode: + enum: + - DynamicIndividual + - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + enum: + - Running + - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: type: boolean enableVTPM: type: boolean sshAccess: + enum: + - Disabled + - LocalUser type: string type: object spotMaxPrice: @@ -33333,41 +25652,34 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + maximum: 1440 + minimum: 1 type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: + maximum: 30 + minimum: 0 type: integer undrainableNodeBehavior: + enum: + - Cordon + - Schedule type: string type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer size: 
@@ -33375,71 +25687,16 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer - sizes: - items: - type: string - type: array + size: + type: string type: object type: array type: object 
@@ -33447,76 +25704,38 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: type: boolean type: object workloadRuntime: + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string 
@@ -33531,19 +25750,21 @@ spec: type: boolean privateDNSZone: type: string - subnetId: - type: string + subnetReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: @@ -33551,6 +25772,11 @@ spec: daemonset-eviction-for-occupied-nodes: type: boolean expander: + enum: + - least-waste + - most-pods + - priority + - random type: string ignore-daemonsets-utilization: type: boolean 
@@ -33586,319 +25812,96 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile - Prometheus addon profile for the container service cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - type: object - containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - syslogPort: - type: integer - type: object metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the prometheus service addon properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics for prometheus addon profile for the container service cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object + required: + - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile - The bootstrap profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object artifactSource: + enum: + - Cache + - Direct type: string containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object dnsPrefix: type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation - The complex type of the extended location. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: + enum: + - EdgeZone type: string type: object fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -33911,91 +25914,50 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity - Identity for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource - Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object tenantId: + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object type: object type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -34003,91 +25965,75 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: object ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile - Ingress profile for the container service cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting - Web App Routing settings for the ingress profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: type: boolean + nginx: + properties: + defaultIngressControllerType: + enum: + - AnnotationControlled + - External + - Internal + - None + type: string + type: object type: object type: object kind: 
@@ -34095,320 +26041,134 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile - Profile of network configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + enabled: + type: boolean observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + enabled: + type: boolean + type: object + security: + properties: + advancedNetworkPolicies: + enum: + - FQDN + - L7 + - None + type: string enabled: type: boolean type: object type: object dnsServiceIP: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: + enum: + - IPv4 + - IPv6 type: string type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer backendPoolType: + enum: + - NodeIP + - NodeIPConfiguration type: string - clusterServiceLoadBalancerHealthProbeMode: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + maximum: 100 + minimum: 1 type: integer countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -34416,194 +26176,117 @@ spec: type: object type: object loadBalancerSku: + enum: + - basic + - standard type: string natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer + idleTimeoutInMinutes: + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + properties: + count: + maximum: 16 + minimum: 1 + type: integer type: object type: object networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none type: string networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium + - none type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array - podLinkLocalAccess: - type: string serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile - The Static Egress Gateway addon configuration for the cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + defaultNodePools: + enum: + - Auto + - None + type: string mode: + enum: + - Auto + - Manual type: string type: object nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: + enum: + - ReadOnly + - Unrestricted type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20240402preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -34611,28 +26294,12 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -34641,27 +26308,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -34669,46 +26321,22 @@ spec: type: object type: array secrets: - description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -34716,87 +26344,61 @@ spec: type: object type: object type: object - originalVersion: - type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -34804,22 +26406,15 @@ spec: type: string namespace: type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: 
@@ -34828,44 +26423,30 @@ spec: additionalProperties: type: string type: object + required: + - name + - namespace + - podLabels type: object type: array type: object privateLinkResources: items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource - A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -34877,249 +26458,83 @@ spec: type: object type: array publicNetworkAccess: + enum: + - Disabled + - Enabled type: string - safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile - The Safeguards profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - version: - type: string - type: object securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile - Security profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: + enum: + - Private + - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object customCATrustCertificates: items: type: string + maxItems: 10 + minItems: 0 type: array defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity - Image integrity related settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction - Node Restriction settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile - Service mesh profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh - Istio service mesh configuration. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: 
@@ -35127,23 +26542,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -35151,217 +26558,113 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240402preview.IstioComponents - Istio components configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway - Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + required: + - enabled type: object type: array ingressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: + enum: + - External + - Internal type: string + required: + - enabled + - mode type: object type: array type: object revisions: items: type: string + maxItems: 2 type: array type: object mode: + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object + required: + - clientId type: object sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU - The SKU of a Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + enum: + - Automatic + - Base type: string tier: + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object supportPlan: + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string tags: additionalProperties: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings - Settings for upgrading a cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: type: boolean until: @@ -35369,29 +26672,12 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key 
@@ -35402,17 +26688,7 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -35421,78 +26697,38 @@ spec: type: string type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean + required: + - enabled type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: type: boolean + required: + - enabled type: object type: object required: + - location - owner type: object status: - description: |- - Storage version of v1api20240402preview.ManagedCluster_STATUS - Managed cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string @@ -35512,17 +26748,7 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string @@ -35530,17 +26756,7 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -35552,30 +26768,7 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string @@ -35585,17 +26778,7 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object sourceResourceId: type: string type: object @@ -35605,8 +26788,6 @@ spec: type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -35616,49 +26797,21 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixSize: type: integer type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean + driver: + type: string type: object hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string 
@@ -35687,31 +26840,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: @@ -35787,30 +26920,10 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange_STATUS - The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: type: integer portStart: 
@@ -35825,17 +26938,7 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag_STATUS - Contains the IPTag associated with the object. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: type: string tag: @@ -35845,10 +26948,6 @@ spec: type: object nodeImageVersion: type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string @@ -35874,17 +26973,7 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -35899,17 +26988,7 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: type: boolean enableVTPM: 
@@ -35919,6 +26998,51 @@ spec: type: object spotMaxPrice: type: number + status: + properties: + provisioningError: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string @@ -35926,21 +27050,13 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer undrainableNodeBehavior: @@ -35948,17 +27064,7 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer size: 
@@ -35966,71 +27072,16 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer - sizes: - items: - type: string - type: array + size: + type: string type: object type: array type: object @@ -36040,17 +27091,7 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: type: boolean type: object 
@@ -36059,34 +27100,12 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string @@ -36105,15 +27124,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: 
@@ -36156,154 +27167,20 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: type: string upgradeChannel: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS - Prometheus addon profile for the container service cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + metrics: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS - Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + enabled: + type: boolean + kubeStateMetrics: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - type: object - containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - syslogPort: - type: integer - type: object - metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the prometheus service addon - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics for prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of 
stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: @@ -36314,17 +27191,7 @@ spec: azurePortalFQDN: type: string bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS - The bootstrap profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object artifactSource: type: string containerRegistryId: 
@@ -36332,39 +27199,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -36373,21 +27223,6 @@ spec: - type type: object type: array - creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object currentKubernetesVersion: type: string disableLocalAccounts: @@ -36398,24 +27233,10 @@ spec: type: string eTag: type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation_STATUS - The complex type of the extended location. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: @@ -36426,21 +27247,7 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveNoProxy: - items: - type: string - type: array httpProxy: type: string httpsProxy: 
@@ -36455,30 +27262,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: type: string referralResource: @@ -36497,15 +27284,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string principalId: 
@@ -36515,17 +27294,7 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: @@ -36535,29 +27304,9 @@ spec: type: object type: object ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS - Web App Routing settings for the ingress profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsZoneResourceIds: items: type: string 
@@ -36565,17 +27314,7 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: @@ -36583,6 +27322,11 @@ spec: resourceId: type: string type: object + nginx: + properties: + defaultIngressControllerType: + type: string + type: object type: object type: object kind: 
@@ -36590,44 +27334,14 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -36639,29 +27353,9 @@ spec: maxAgentPools: type: integer metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object 
@@ -36669,42 +27363,20 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + enabled: + type: boolean observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + enabled: + type: boolean + type: object + security: + properties: + advancedNetworkPolicies: + type: string enabled: type: boolean type: object 
@@ -36715,71 +27387,15 @@ spec: items: type: string type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: type: integer backendPoolType: type: string - clusterServiceLoadBalancerHealthProbeMode: - type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object 
@@ -36789,71 +27405,27 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer countIPv6: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -36863,30 +27435,10 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object id: type: string type: object @@ -36894,17 +27446,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer type: object @@ -36927,8 +27469,6 @@ spec: items: type: string type: array - podLinkLocalAccess: - type: string serviceCidr: type: string serviceCidrs: 
@@ -36936,112 +27476,45 @@ spec: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS - The Static Egress Gateway addon configuration for the cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + defaultNodePools: + type: string mode: type: string type: object nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean issuerURL: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: type: boolean enabled: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: 
@@ -37054,52 +27527,16 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string details: items: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string message: 
@@ -37121,18 +27558,7 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string namespace: @@ -37145,17 +27571,7 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: type: string type: object @@ -37163,17 +27579,7 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource_STATUS - A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string id: 
@@ -37196,55 +27602,10 @@ spec: type: string resourceUID: type: string - safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile_STATUS - The Safeguards profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean keyId: 
@@ -37259,148 +27620,36 @@ spec: type: string type: array defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean intervalHours: type: integer type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - Image integrity related settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - Node Restriction settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh_STATUS - Istio service mesh configuration. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: type: string certObjectName: 
@@ -37414,48 +27663,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240402preview.IstioComponents_STATUS - Istio components configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object type: array ingressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean mode: 
@@ -37472,108 +27690,81 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object - storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. 
+ status: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + provisioningError: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string type: object + type: object + storageProfile: + properties: blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object @@ -37581,17 +27772,7 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20240402preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object createdAt: type: string createdBy: 
@@ -37612,29 +27793,9 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: type: boolean until: @@ -37642,33 +27803,13 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: type: string enabled: 
@@ -37680,44 +27821,14 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: type: boolean type: object 
@@ -37741,456 +27852,312 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240901 + name: v1api20250801storage schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string + gpuProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + driver: + type: string + type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
- For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' - items: - type: string + $propertyBag: + additionalProperties: + type: string + type: object + allowedUnsafeSysctls: + items: + type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. 
Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP type: string type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. 
items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -38198,598 +28165,429 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. - enum: - - AzureLinux - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows + type: string + podIPAllocationMode: type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' 
- enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + maxUnavailable: type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. 
- maximum: 30 - minimum: 0 type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + scale: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + manual: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array + aiToolchainOperatorProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' 
type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string + subnetReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. - enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. 
type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
- enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. 
type: string type: object - required: - - enabled type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string + bootstrapProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + artifactSource: + type: string + containerRegistryReference: + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + type: string + kind: + type: string + name: + type: string + type: object + type: object disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' 
items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. 
This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. items: - description: Information about the user assigned identity for the resource properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -38797,312 +28595,254 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". 
type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only - when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all - public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' 
type: boolean + nginx: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + defaultIngressControllerType: + type: string + type: object type: object type: object + kind: + type: string kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. 
type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object + advancedNetworkPolicies: + type: string enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' 
- enum: - - NodeIP - - NodeIPConfiguration type: string - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. 
Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -39110,181 +28850,104 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array + $propertyBag: + additionalProperties: + type: string + type: object idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. 
- maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' - enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium - - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. 
items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array + staticEgressGatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + defaultNodePools: + type: string + mode: + type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' - enum: - - ReadOnly - - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not - passed directly to Azure properties: + $propertyBag: + additionalProperties: + type: string + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -39292,20 +28955,16 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: + $propertyBag: + additionalProperties: + type: string + type: object oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key @@ -39313,29 +28972,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -39343,37 +28986,26 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -39381,1284 +29013,1095 @@ spec: type: object type: object type: object + originalVersion: + type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' 
+ $propertyBag: + additionalProperties: + type: string + type: object + bindingSelector: + type: string + identity: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string + objectIdFromConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' 
items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. 
When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object + customCATrustCertificates: + items: + type: string + type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' 
type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean - required: - - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string - maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object - required: - - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: + $propertyBag: + additionalProperties: + type: string + type: object forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. 
type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean - required: - - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean - required: - - enabled type: object type: object required: - - location - owner type: object status: - description: Managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: + $propertyBag: + additionalProperties: + type: string + type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: + $propertyBag: + additionalProperties: + type: string + type: object sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. 
type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string + gpuProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + driver: + type: string + type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' 
type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: + $propertyBag: + additionalProperties: + type: string + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' 
type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 
1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' + type: string + podIPAllocationMode: type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. 
The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. 
type: boolean + sshAccess: + type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number + status: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + provisioningError: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + $propertyBag: + additionalProperties: + type: string + type: object drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. 
If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + maxUnavailable: type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + scale: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + manual: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array + aiToolchainOperatorProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: + $propertyBag: + additionalProperties: + type: string + type: object authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). 
type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. + type: string + subnetId: type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: + $propertyBag: + additionalProperties: + type: string + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. 
type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. 
type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: + $propertyBag: + additionalProperties: + type: string + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. 
type: string + bootstrapProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + artifactSource: + type: string + containerRegistryId: + type: string + type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -40668,6208 +30111,844 @@ spec: type: object type: array currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. If kubernetesVersion was , this field will contain the full - version being used. type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + $propertyBag: + additionalProperties: + type: string + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: + $propertyBag: + additionalProperties: + type: string + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' 
type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' 
type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: + $propertyBag: + additionalProperties: + type: string + type: object dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when - Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public - DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: type: string type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean identity: - description: |- - Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, - for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview - of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object + nginx: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + defaultIngressControllerType: type: string type: object type: object type: object + kind: + type: string kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' 
items: - description: Contains information about SSH certificate public key data. properties: + $propertyBag: + additionalProperties: + type: string + type: object keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object + advancedNetworkPolicies: + type: string enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: + $propertyBag: + additionalProperties: + type: string + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: + $propertyBag: + additionalProperties: + type: string + type: object id: - description: 'Id: The fully qualified Azure resource id.' 
type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: + $propertyBag: + additionalProperties: + type: string + type: object count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. 
It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array + staticEgressGatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + defaultNodePools: + type: string + mode: + type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. 
properties: + $propertyBag: + additionalProperties: + type: string + type: object allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + type: object bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: + $propertyBag: + additionalProperties: + type: string + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Pod identity assignment error (if any).' properties: + $propertyBag: + additionalProperties: + type: string + type: object error: - description: 'Error: Details about the error.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' items: properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' 
type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: + $propertyBag: + additionalProperties: + type: string + type: object groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' 
properties: + $propertyBag: + additionalProperties: + type: string + type: object azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object + customCATrustCertificates: + items: + type: string + type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. 
- When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: + $propertyBag: + additionalProperties: + type: string + type: object istio: - description: 'Istio: Istio service mesh configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: + $propertyBag: + additionalProperties: + type: string + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: + $propertyBag: + additionalProperties: + type: string + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - enabled: - description: 'Enabled: Whether to enable the ingress gateway.' - type: boolean - mode: - description: 'Mode: Mode of an ingress gateway.' 
- type: string - type: object - type: array - type: object - revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade - items: - type: string - type: array - type: object - mode: - description: 'Mode: Mode of the service mesh.' - type: string - type: object - servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. - properties: - clientId: - description: 'ClientId: The ID for the service principal.' - type: string - type: object - sku: - description: 'Sku: The managed cluster SKU.' - properties: - name: - description: 'Name: The name of a managed cluster SKU.' - type: string - tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - type: string - type: object - storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' - properties: - blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' - type: boolean - type: object - diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' - type: boolean - type: object - fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. 
The default value is true.' - type: boolean - type: object - snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' - type: boolean - type: object - type: object - supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - type: string - systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' - properties: - createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' - type: string - createdBy: - description: 'CreatedBy: The identity that created the resource.' - type: string - createdByType: - description: 'CreatedByType: The type of identity that created the resource.' - type: string - lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' - type: string - lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' - type: string - lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' - type: string - type: object - tags: - additionalProperties: - type: string - description: 'Tags: Resource tags.' - type: object - type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' - properties: - overrideSettings: - description: 'OverrideSettings: Settings for overrides.' - properties: - forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. 
Enable this option only with caution. - type: boolean - until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. - type: string - type: object - type: object - windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' - properties: - adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters - type: string - enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). - type: boolean - gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' - properties: - dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' - type: boolean - rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. 
- type: string - type: object - licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - type: string - type: object - workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' - properties: - keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable KEDA.' - type: boolean - type: object - verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240901storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20240901.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20240901.ManagedCluster_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - count: - type: integer - creationData: - description: |- - Storage version of v1api20240901.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
- For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig - Sysctl settings for Linux agent nodes. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile - Network settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240901.PortRange - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroupsReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240901.IPTag - Contains the IPTag associated with the object. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
- This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - powerState: - description: |- - Storage version of v1api20240901.PowerState - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile - The security settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - type: object - vmSize: - type: string - vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation - The complex type of the extended location. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity - Identity for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource - Delegated resource properties - internal use only. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - tenantId: - type: string - type: object - type: object - type: - type: string - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.UserAssignedIdentityDetails - Information about the user assigned identity for the resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile - Ingress profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting - Application Routing add-on settings for the ingress profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: array - enabled: - type: boolean - type: object - type: object - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity - Security profile to enable security features on cilium based cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - operatorSpec: - description: |- - Storage version of v1api20240901.ManagedClusterOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - configMaps: - description: Storage version of v1api20240901.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
- type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: Storage version of v1api20240901.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - privateLinkResources: - items: - description: |- - Storage version of v1api20240901.PrivateLinkResource - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - name: - type: string - reference: - description: 'Reference: The ID of the private link resource.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - publicNetworkAccess: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile - Security profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile - Service mesh profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh - Istio service mesh configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240901.IstioComponents - Istio components configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240901.IstioEgressGateway - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240901.IstioIngressGateway - Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU - The SKU of a Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - tags: - additionalProperties: - type: string - type: object - upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - required: - - owner - type: object - status: - description: |- - Storage version of v1api20240901.ManagedCluster_STATUS - Managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupID: - type: string - count: - type: integer - creationData: - description: |- - Storage version of v1api20240901.CreationData_STATUS - Data used when creating a target resource from a source resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object - currentOrchestratorVersion: - type: string - eTag: - type: string - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - hostGroupID: - type: string - kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer 
- minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240901.PortRange_STATUS - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroups: - items: - type: string - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240901.IPTag_STATUS - Contains the IPTag associated with the object. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeImageVersion: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: string - powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - type: object - vmSize: - type: string - vnetSubnetID: - type: string - windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azurePortalFQDN: - type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. 
- type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string - dnsPrefix: - type: string - eTag: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation_STATUS - The complex type of the extended location. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdn: - type: string - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - id: - type: string - identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity_STATUS - Identity for the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource_STATUS - Delegated resource properties - internal use only. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceId: - type: string - tenantId: - type: string - type: object - type: object - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20240901.ManagedClusterIdentity_UserAssignedIdentities_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - principalId: - type: string - type: object - type: object - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting_STATUS - Application Routing add-on settings for the ingress profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceIds: - items: - type: string - type: array - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - maxAgentPools: - type: integer - metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability and security feature suite on a cluster. 
For more information see - aka.ms/aksadvancednetworking. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity_STATUS - Security profile to enable security features on cilium based cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - issuerURL: - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20240901.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string - privateLinkResources: - items: - description: |- - Storage version of v1api20240901.PrivateLinkResource_STATUS - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - id: - type: string - name: - type: string - privateLinkServiceID: - type: string - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - provisioningState: - type: string - publicNetworkAccess: - type: string - resourceUID: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceId: - type: string - type: object - defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceId: - type: string - securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh_STATUS - Istio service mesh configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultId: - type: string - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240901.IstioComponents_STATUS - Istio components configuration. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240901.IstioEgressGateway_STATUS - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240901.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - type: object - sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - systemData: - description: |- - Storage version of v1api20240901.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 - labels: - app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 - name: managedclustersagentpools.containerservice.azure.com -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: azureserviceoperator-webhook-service - namespace: azureserviceoperator-system - path: /convert - port: 443 - conversionReviewVersions: - - v1 - group: containerservice.azure.com - names: - kind: ManagedClustersAgentPool - listKind: ManagedClustersAgentPoolList - plural: managedclustersagentpools - singular: managedclustersagentpool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501 - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - count: - description: |- - Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' 
- properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - minimum: 2 - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: 
string - transparentHugePageEnabled: - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixIDReference: - description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure - properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. 
The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - type: object - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' - enum: - - CBLMariner - - Ubuntu - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podSubnetIDReference: - description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot - type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - required: - - owner - type: object - status: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
- format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - type: string - id: - description: 'Id: Resource ID.' - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
- properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - type: string - name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' 
- type: string - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' 
- type: string - podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - powerState: - description: 'PowerState: Describes whether the Agent Pool is Running or Stopped' - properties: - code: - type: string - type: object - properties_type: - description: 'PropertiesType: The type of Agent Pool.' - type: string - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: Resource type' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20210501.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20210501.ManagedClustersAgentPool_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
- type: string - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: Storage version of v1api20210501.SysctlConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: 
integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: + mode: type: string type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixIDReference: - description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + servicePrincipalProfile: properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + $propertyBag: + additionalProperties: + type: string + type: object + clientId: type: string + type: object + sku: + properties: + $propertyBag: + additionalProperties: + type: string + type: object name: - description: Name is the Kubernetes name of the resource. + type: string + tier: type: string type: object - nodeTaints: - items: - type: string - type: array - operatorSpec: - description: |- - Storage version of v1api20210501.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + status: properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + provisioningError: + properties: + $propertyBag: + additionalProperties: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + storageProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + blobCSIDriver: + properties: + $propertyBag: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + properties: + $propertyBag: + additionalProperties: type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + properties: + $propertyBag: + additionalProperties: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: object + enabled: + type: boolean + type: object + snapshotController: + properties: + $propertyBag: + additionalProperties: type: string - required: - - name - - value - type: object - type: array + type: object + enabled: + type: boolean + type: object type: object - orchestratorVersion: - type: string - originalVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: + supportPlan: type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource + systemData: properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + $propertyBag: + additionalProperties: + type: string + type: object + createdAt: type: string - name: - description: This is the name of the Kubernetes resource to reference. + createdBy: type: string - type: object - podSubnetIDReference: - description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + createdByType: type: string - group: - description: Group is the Kubernetes group of the resource. + lastModifiedAt: type: string - kind: - description: Kind is the Kubernetes kind of the resource. + lastModifiedBy: type: string - name: - description: Name is the Kubernetes name of the resource. + lastModifiedByType: type: string type: object - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number tags: additionalProperties: type: string 
@@ -46877,328 +30956,115 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - maxSurge: - type: string - type: object - vmSize: - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - required: - - owner - type: object - status: - description: Storage version of v1api20210501.ManagedClustersAgentPool_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + overrideSettings: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object type: object - availabilityZones: - items: - type: string - type: array - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - id: - type: string - kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig_STATUS + windowsProfile: properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: + adminUsername: type: string - failSwapOn: + enableCSIProxy: type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not 
directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: Storage version of v1api20210501.SysctlConfig_STATUS + gmsaProfile: properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: + dnsServer: type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: + enabled: type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer + rootDomainName: + type: string type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: + licenseType: type: string type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - name: - type: string - nodeImageVersion: - type: string - nodeLabels: - additionalProperties: - 
type: string - type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: string - powerState: - description: Storage version of v1api20210501.PowerState_STATUS + workloadAutoScalerProfile: properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object - code: - type: string - type: object - properties_type: - type: string - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + keda: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + enabled: + type: boolean type: object - maxSurge: - type: string type: object - vmSize: - type: string - vnetSubnetID: - type: string type: object type: object served: true - storage: false + storage: true subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: 
azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready 
@@ -47215,100 +31081,49 @@ spec: name: v1api20230201 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. 
properties: sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g @@ -47317,30 +31132,18 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: 
@@ -47369,15 +31172,11 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer @@ -47446,18 +31245,12 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User 
@@ -47465,64 +31258,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -47530,29 +31292,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -47561,33 +31307,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - CBLMariner - Ubuntu 
@@ -47595,52 +31325,31 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: enum: 
@@ -47649,99 +31358,63 @@ spec: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: maxSurge: type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -47752,48 +31425,27 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -47803,63 +31455,31 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. 
type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: @@ -47887,12 +31507,8 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer 
@@ -47961,136 +31577,74 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' 
type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: maxSurge: type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -48114,78 +31668,43 @@ spec: name: v1api20230201storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230201.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230201.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
type: string count: type: integer creationData: - description: Storage version of v1api20230201.CreationData properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -48202,37 +31721,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -48262,26 +31766,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -48358,25 +31854,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -48384,40 +31870,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20230201.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -48426,27 +31891,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -48467,72 +31917,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: Storage version of v1api20230201.PowerState properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -48550,14 +31972,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string 
@@ -48565,26 +31983,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -48593,14 +32000,10 @@ spec: - owner type: object status: - description: Storage version of v1api20230201.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -48608,39 +32011,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -48652,14 +32038,10 @@ spec: count: type: integer creationData: - description: Storage version of v1api20230201.CreationData_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -48683,14 +32065,10 @@ spec: id: type: string kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -48720,26 +32098,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -48838,14 +32208,10 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -48871,14 +32237,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string 
@@ -48911,123 +32273,64 @@ spec: name: v1api20231001 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -49036,240 +32339,149 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -49277,40 +32489,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -49318,64 +32515,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -49383,29 +32549,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -49414,33 +32564,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner 
@@ -49449,167 +32583,100 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
enum: - Regular - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -49620,51 +32687,29 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. 
type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -49674,408 +32719,225 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. 
type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. 
type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' 
type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -50099,100 +32961,55 @@ spec: name: v1api20231001storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20231001.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231001.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -50209,39 +33026,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -50271,30 +33071,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -50367,29 +33155,17 @@ spec: mode: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -50401,38 +33177,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -50446,25 +33208,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -50472,40 +33224,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20231001.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -50514,27 +33245,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -50555,74 +33271,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20231001.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -50640,16 +33326,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -50659,26 +33339,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -50687,14 +33356,10 @@ spec: - owner type: object status: - description: Storage version of v1api20231001.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -50704,39 +33369,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -50748,16 +33396,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -50781,16 +33423,10 @@ spec: id: type: string kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -50820,30 +33456,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -50918,29 +33542,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -50956,16 +33568,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -50999,16 +33605,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -51034,16 +33634,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -51075,138 +33669,81 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102preview + name: v1api20240402preview schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -51215,36 +33752,23 @@ spec: - MIG7g type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: @@ -51273,15 +33797,11 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer 
@@ -51356,30 +33876,20 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: + - Gateway - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: items: 
@@ -51401,23 +33911,15 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array 
@@ -51432,76 +33934,39 @@ spec: type: array type: object nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. 
For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -51509,29 +33974,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -51540,33 +33989,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. enum: - AzureLinux - CBLMariner 
@@ -51577,52 +34010,36 @@ spec: - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + enum: + - DynamicIndividual + - StaticBlock + type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: enum: 
@@ -51631,47 +34048,33 @@ spec: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: type: boolean 
@@ -51684,25 +34087,18 @@ spec: type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: maximum: 1440 @@ -51714,6 +34110,11 @@ spec: maximum: 30 minimum: 0 type: integer + undrainableNodeBehavior: + enum: + - Cordon + - Schedule + type: string type: object virtualMachineNodesStatus: items: @@ -51725,16 +34126,26 @@ spec: type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: properties: + autoscale: + items: + properties: + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: properties: count: - maximum: 1000 - minimum: 0 type: integer sizes: items: 
@@ -51745,42 +34156,25 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - KataMshvVmIsolation - OCIContainer 
@@ -51792,57 +34186,34 @@ spec: status: properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -51852,75 +34223,45 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. + type: string + eTag: type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
- A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: type: boolean type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: @@ -51948,12 +34289,8 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer 
@@ -52022,30 +34359,18 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: items: 
@@ -52073,97 +34398,53 @@ spec: type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. 
For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' + type: string + podIPAllocationMode: type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' 
type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: type: boolean @@ -52173,21 +34454,14 @@ spec: type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: type: integer @@ -52195,6 +34469,8 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: @@ -52206,10 +34482,22 @@ spec: type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: properties: + autoscale: + items: + properties: + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: properties: 
@@ -52224,25 +34512,15 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -52263,51 +34541,27 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102previewstorage + name: v1api20240402previewstorage schema: openAPIV3Schema: - description: |- - Storage version of v1api20231102preview.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231102preview.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -52317,60 +34571,37 @@ spec: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -52386,53 +34617,43 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -52462,26 +34683,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -52556,25 +34769,17 @@ spec: mode: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -52586,36 +34791,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -52633,25 +34826,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -52659,40 +34842,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20231102preview.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -52701,27 +34863,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -52742,72 +34889,46 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: Storage version of v1api20231102preview.PowerState properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -52817,14 +34938,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean 
@@ -52842,14 +34959,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -52857,17 +34970,15 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: - description: Storage version of v1api20231102preview.VirtualMachineNodes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -52876,35 +34987,40 @@ spec: type: object type: array virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: Storage version of v1api20231102preview.ScaleProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: - description: Storage version of v1api20231102preview.ManualScaleProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -52919,37 +35035,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -52960,24 +35061,16 @@ spec: - owner type: object status: - description: Storage version of v1api20231102preview.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -52990,39 +35083,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -53034,20 +35110,18 @@ spec: count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean enableCustomCATrust: @@ -53060,17 +35134,22 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean @@ -53080,14 +35159,10 @@ spec: id: type: string kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -53117,26 +35192,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -53213,25 +35280,17 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -53247,14 +35306,10 @@ spec: type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -53289,17 +35344,15 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -53317,14 +35370,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -53342,14 +35391,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -53357,17 +35402,15 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: - description: Storage version of v1api20231102preview.VirtualMachineNodes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -53376,35 +35419,40 @@ spec: type: object type: array virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: Storage version of v1api20231102preview.ScaleProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: - description: Storage version of v1api20231102preview.ManualScaleProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -53421,14 +35469,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -53454,157 +35498,67 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402preview + name: v1api20240901 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. 
items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
- A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - maximum: 31 - minimum: 28 - type: integer - type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -53612,259 +35566,150 @@ spec: - MIG4g - MIG7g type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - - Gateway - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. 
It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -53872,115 +35717,59 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. 
These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -53988,29 +35777,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -54019,321 +35792,136 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. enum: - AzureLinux - CBLMariner - - Mariner - Ubuntu - Windows2019 - Windows2022 - - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - enum: - - DynamicIndividual - - StaticBlock - type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. 
The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - enum: - - Disabled - - LocalUser - type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - enum: - - Cordon - - Schedule - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' 
- type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - - KataMshvVmIsolation - OCIContainer - WasmWasi type: string 
@@ -54342,61 +35930,30 @@ spec: type: object status: properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -54406,564 +35963,241 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - type: integer - type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' 
- properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. 
See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' 
type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. 
This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' 
type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. 
The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 
- type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. 
- items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -54984,123 +36218,63 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402previewstorage + name: v1api20240901storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
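Review bot: The storage version is renamed in place from `v1api20240402previewstorage` to `v1api20240901storage`, and the new schema drops fields the old one carried: `artifactStreamingProfile` and `enableCustomCATrust` in this hunk, and `securityProfile.sshAccess`, `nodeInitializationTaints` and `virtualMachinesProfile` in later hunks of the same schema. Nothing visible here shows how objects already persisted under the old storage version are handled; if the CRD prunes unknown fields, a manifest that still sets `sshAccess` would presumably be accepted with the setting silently dropped, which matters where that field was used to restrict SSH on nodes. Since this file looks generated, the follow-up belongs outside it: confirm that no shipped template or existing object sets the removed fields, and add an upgrade note such as `Agent pool fields from v1api20240402preview (sshAccess, enableCustomCATrust, nodeInitializationTaints, ...) are no longer in the schema; remove them from manifests before upgrading`. The schema starts before this hunk's context lines and continues past it.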
@@ -55109,70 +36283,25 @@ spec: type: boolean enableUltraSSD: type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -55202,30 +36331,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -55293,36 +36410,22 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -55334,38 +36437,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -55374,34 +36463,20 @@ spec: type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -55409,40 +36484,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -55451,27 +36505,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -55492,76 +36531,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object - podIPAllocationMode: - type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: 
@@ -55571,23 +36578,15 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number @@ -55598,16 +36597,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -55615,134 +36608,26 @@ spec: type: string nodeSoakDurationInMinutes: type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean @@ -55753,27 +36638,10 @@ spec: - owner type: object status: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean type: object availabilityZones: items: 
@@ -55783,39 +36651,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -55827,16 +36678,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -55847,8 +36692,6 @@ spec: type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -55857,51 +36700,17 @@ spec: type: boolean enableUltraSSD: type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupID: type: string id: type: string kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -55931,30 +36740,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -56022,8 +36819,6 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: 
@@ -56031,29 +36826,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer @@ -56069,16 +36852,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -56089,10 +36866,6 @@ spec: type: object nodeImageVersion: type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string 
@@ -56113,21 +36886,13 @@ spec: type: string osType: type: string - podIPAllocationMode: - type: string podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -56145,23 +36910,15 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number @@ -56172,16 +36929,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -56189,113 +36940,16 @@ spec: type: string nodeSoakDurationInMinutes: type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: type: string vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -56321,126 +36975,74 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240901 + name: v1api20250801 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -56448,241 +37050,161 @@ spec: - MIG4g - MIG7g type: string + gpuProfile: + properties: + driver: + enum: + - Install + - None + type: string + type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' 
type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' 
properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' 
type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. 
For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: + - Gateway - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -56690,40 +37212,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -56731,64 +37238,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -56796,29 +37272,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -56827,232 +37287,179 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux + - AzureLinux3 - CBLMariner - Ubuntu + - Ubuntu2204 - Windows2019 - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + enum: + - DynamicIndividual + - StaticBlock + type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. 
A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + enum: + - Disabled + - LocalUser + type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. 
If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + maxUnavailable: type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer + undrainableNodeBehavior: + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + scale: + properties: + manual: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -57063,51 +37470,29 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. 
type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -57117,442 +37502,330 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
- A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + properties: + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string + gpuProfile: + properties: + driver: + type: string + type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - â‰Ĩ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. 
For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' 
type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' 
type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer + messageOfTheDay: + type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' + type: string + podIPAllocationMode: type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number + status: + properties: + provisioningError: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + additionalInfo: + items: + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' 
type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + maxUnavailable: type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + scale: + properties: + manual: + items: + properties: + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -57573,103 +37846,58 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240901storage + name: v1api20250801storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240901.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240901.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -57683,42 +37911,43 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string + gpuProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + driver: + type: string + type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -57748,30 +37977,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -57839,34 +38056,24 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -57878,38 +38085,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -57923,25 +38116,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -57949,40 +38132,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20240901.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -57991,27 +38153,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -58032,74 +38179,46 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20240901.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: 
@@ -58109,21 +38228,17 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean enableVTPM: type: boolean + sshAccess: + type: string type: object spotMaxPrice: type: number 
@@ -58134,60 +38249,81 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + scale: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + manual: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean @@ -58198,14 +38334,10 @@ spec: - owner type: object status: - description: Storage version of v1api20240901.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -58215,39 +38347,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -58259,16 +38374,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -58287,23 +38396,35 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string + gpuProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + driver: + type: string + type: object hostGroupID: type: string id: type: string kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -58333,30 +38454,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -58424,6 +38533,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: @@ -58431,29 +38542,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -58469,16 +38568,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -58509,19 +38602,15 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -58539,24 +38628,85 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean enableVTPM: type: boolean + sshAccess: + type: string type: object spotMaxPrice: type: number + status: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + provisioningError: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + additionalInfo: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string 
@@ -58564,39 +38714,71 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + scale: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + manual: + items: + properties: + $propertyBag: + additionalProperties: + type: string + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -58615,10 +38797,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: natgateways.network.azure.com spec: conversion: @@ -58634,6 +38816,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: NatGateway listKind: NatGatewayList plural: natgateways 
@@ -58657,70 +38842,31 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -58728,29 +38874,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -58759,77 +38889,50 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another ARM resource. 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' enum: - Standard type: string @@ -58837,10 +38940,8 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -58848,44 +38949,25 @@ spec: - owner type: object status: - description: Nat Gateway resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -58895,73 +38977,52 @@ spec: type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the NAT gateway resource.' type: string publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array resourceGuid: - description: 'ResourceGuid: The resource GUID property of the NAT gateway resource.' type: string sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' type: string type: object subnets: - description: 'Subnets: An array of references to the subnets using this nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -58987,83 +39048,39 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.NatGateway - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.NatGateway_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: type: integer location: type: string operatorSpec: - description: |- - Storage version of v1api20220701.NatGatewayOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59072,27 +39089,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59103,99 +39105,60 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: items: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: |- - Storage version of v1api20220701.NatGatewaySku - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -59212,52 +39175,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.NatGateway_STATUS - Nat Gateway resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -59280,16 +39220,10 @@ spec: type: string publicIpAddresses: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -59297,16 +39231,10 @@ spec: type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -59315,32 +39243,20 @@ spec: resourceGuid: type: string sku: - description: |- - Storage version of v1api20220701.NatGatewaySku_STATUS - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string type: object subnets: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -59378,70 +39294,31 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59449,29 +39326,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59480,77 +39341,50 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another subresource. 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' enum: - Standard type: string @@ -59558,10 +39392,8 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -59569,44 +39401,25 @@ spec: - owner type: object status: - description: Nat Gateway resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -59616,73 +39429,52 @@ spec: type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the NAT gateway resource.' type: string publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array resourceGuid: - description: 'ResourceGuid: The resource GUID property of the NAT gateway resource.' type: string sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' type: string type: object subnets: - description: 'Subnets: An array of references to the subnets using this nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -59708,83 +39500,39 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.NatGateway - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.NatGateway_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: type: integer location: type: string operatorSpec: - description: |- - Storage version of v1api20240301.NatGatewayOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59793,27 +39541,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59824,99 +39557,60 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: |- - Storage version of v1api20240301.NatGatewaySku - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -59933,52 +39627,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.NatGateway_STATUS - Nat Gateway resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -60001,16 +39672,10 @@ spec: type: string publicIpAddresses: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60018,16 +39683,10 @@ spec: type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60036,32 +39695,20 @@ spec: resourceGuid: type: string sku: - description: |- - Storage version of v1api20240301.NatGatewaySku_STATUS - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string type: object subnets: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -60089,10 +39736,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: privateendpoints.network.azure.com spec: conversion: @@ -60108,6 +39755,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: PrivateEndpoint listKind: PrivateEndpointList plural: privateendpoints 
@@ -60131,187 +39781,102 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: object type: array location: - description: 'Location: Resource location.' 
type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -60319,20 +39884,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: primaryNicPrivateIpAddress: - description: |- - PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no - config map will be created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
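Review bot: The `description` property of `privateLinkServiceConnectionState` (under `manualPrivateLinkServiceConnections` in the `v1api20220701` spec) is removed in this hunk along with the doc strings. On the old side `description:` was a schema property with its own `type: string`; on the new side `actionsRequired` is followed directly by `status`. This looks like the description-stripping step matching a property that happens to be named `description`, not an upstream schema change. The same removal appears in the following `privateLinkServiceConnections` hunk and in the status schema further down. If the API server prunes unknown fields for this CRD, the approval/rejection reason would be dropped silently on write and would be missing from status. The strip should only remove `description` keys whose value is a scalar string, so that the entry under `properties:` keeps its `description:` mapping with `type: string`.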
@@ -60340,29 +39897,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60371,154 +39912,94 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Private endpoint resource. properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
- This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -60528,201 +40009,129 @@ spec: type: object type: array customDnsConfigs: - description: 'CustomDnsConfigs: An array of custom dns configurations.' items: - description: Contains custom Dns resolution configuration from customer. properties: fqdn: - description: 'Fqdn: Fqdn that resolves to private endpoint ip address.' type: string ipAddresses: - description: 'IpAddresses: A list of private ip addresses of the private endpoint.' items: type: string type: array type: object type: array customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' 
type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: - description: 'Type: The resource type.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' 
type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array name: - description: 'Name: Resource name.' type: string networkInterfaces: - description: 'NetworkInterfaces: An array of references to the network interfaces created for this private endpoint.' items: - description: A network interface in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' 
type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the private endpoint resource.' type: string subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: id: - description: 'Id: Resource ID.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
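Review bot: In both `privateLinkServiceConnectionState` blocks of this hunk (under `manualPrivateLinkServiceConnections` and `privateLinkServiceConnections`), the removal deletes the schema property named `description` itself, not just its documentation text. The `- type: string` and `- description:` lines are dropped, and the surviving `type: string` now belongs to `actionsRequired`. If the intent was only to strip doc strings, the property should stay as `description:` followed by `type: string` under `properties:`; with a structural schema the API server would presumably prune a `description` value on these objects once the property is gone. The same pattern appears in the later hunks at `@@ -60883`, `@@ -61060`, `@@ -61311`, `@@ -61382` and `@@ -61455`. It would help to make the stripping step skip `description` keys whose value is a mapping rather than a string.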
@@ -60746,92 +40155,49 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.PrivateEndpoint - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.PrivateEndpoint_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: type: string extendedLocation: - description: |- - Storage version of v1api20220701.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -60840,16 +40206,10 @@ spec: type: object ipConfigurations: items: - description: |- - Storage version of v1api20220701.PrivateEndpointIPConfiguration - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string @@ -60865,16 +40225,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -60883,42 +40237,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -60926,40 +40264,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20220701.PrivateEndpointOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60967,28 +40284,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20220701.PrivateEndpointOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object primaryNicPrivateIpAddress: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -60997,27 +40302,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -61028,30 +40318,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -61060,42 +40339,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -61103,35 +40366,21 @@ spec: type: object type: array subnet: - description: |- - Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -61143,29 +40392,17 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -61173,39 +40410,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -61216,16 +40436,10 @@ spec: type: array customDnsConfigs: items: - description: |- - Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS - Contains custom Dns resolution configuration from customer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fqdn: type: string @@ -61240,16 +40454,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20220701.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -61260,16 +40468,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string @@ -61289,16 +40491,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -61311,21 +40507,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -61343,16 +40531,10 @@ spec: type: string networkInterfaces: items: - description: |- - Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded - A network interface in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -61360,16 +40542,10 @@ spec: type: array privateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -61382,21 +40558,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -61413,16 +40581,10 @@ spec: provisioningState: type: string subnet: - description: |- - Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -61455,187 +40617,102 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: object type: array location: - description: 'Location: Resource location.' 
type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -61643,20 +40720,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: primaryNicPrivateIpAddress: - description: |- - PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no - config map will be created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -61664,29 +40733,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -61695,154 +40748,94 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Private endpoint resource. properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
- This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
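Review bot: Under `privateLinkServiceConnectionState.properties`, the description stripping also deletes the schema property that is itself named `description`: the removed lines `- type: string`, `- description:` and `- description: 'Description: The reason for approval/rejection of the connection.'` leave only `actionsRequired` and `status` as properties. The same removal recurs in the hunks at `@@ -61852,201 +40845,129 @@`, `@@ -62207,42 +41073,26 @@`, `@@ -62384,42 +41175,26 @@` and `@@ -62635,21 +41343,13 @@`. If these CRDs are served with structural-schema pruning (not visible here), the API server would silently drop the connection's approval/rejection reason from both spec and status. The stripping step should remove a `description` key only when its value is a string, and keep `description:` with `type: string` between `actionsRequired` and `status`. The enclosing schema mapping starts and ends outside this hunk.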
@@ -61852,201 +40845,129 @@ spec: type: object type: array customDnsConfigs: - description: 'CustomDnsConfigs: An array of custom dns configurations.' items: - description: Contains custom Dns resolution configuration from customer. properties: fqdn: - description: 'Fqdn: Fqdn that resolves to private endpoint ip address.' type: string ipAddresses: - description: 'IpAddresses: A list of private ip addresses of the private endpoint.' items: type: string type: array type: object type: array customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' 
type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: - description: 'Type: The resource type.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' 
type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array name: - description: 'Name: Resource name.' type: string networkInterfaces: - description: 'NetworkInterfaces: An array of references to the network interfaces created for this private endpoint.' items: - description: A network interface in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' 
type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the private endpoint resource.' type: string subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: id: - description: 'Id: Resource ID.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -62070,92 +40991,49 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.PrivateEndpoint - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.PrivateEndpoint_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20240301.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -62164,16 +41042,10 @@ spec: type: object ipConfigurations: items: - description: |- - Storage version of v1api20240301.PrivateEndpointIPConfiguration - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string @@ -62189,16 +41061,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -62207,42 +41073,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -62250,40 +41100,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20240301.PrivateEndpointOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -62291,28 +41120,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20240301.PrivateEndpointOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object primaryNicPrivateIpAddress: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -62321,27 +41138,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -62352,30 +41154,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -62384,42 +41175,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -62427,35 +41202,21 @@ spec: type: object type: array subnet: - description: |- - Storage version of v1api20240301.Subnet_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -62467,29 +41228,17 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20240301.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -62497,39 +41246,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -62540,16 +41272,10 @@ spec: type: array customDnsConfigs: items: - description: |- - Storage version of v1api20240301.CustomDnsConfigPropertiesFormat_STATUS - Contains custom Dns resolution configuration from customer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fqdn: type: string @@ -62564,16 +41290,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -62584,16 +41304,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20240301.PrivateEndpointIPConfiguration_STATUS - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string @@ -62613,16 +41327,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -62635,21 +41343,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -62667,16 +41367,10 @@ spec: type: string networkInterfaces: items: - description: |- - Storage version of v1api20240301.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded - A network interface in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -62684,16 +41378,10 @@ spec: type: array privateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
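Review bot: In the hunk at `@@ -62635,21 +41343,13 @@`, the removed pair `description:` / `type: string` between `actionsRequired` and `status` is a schema property named `description` under `privateLinkServiceConnectionState.properties`, not documentation text. Removing it drops a field from the status schema instead of trimming a doc string, and the same pair is removed in the hunk at `@@ -62706,21 +41394,13 @@` for `privateLinkServiceConnections`. If these CRDs are structural and the API server prunes unknown fields, a `description` value on the connection state would presumably be discarded when status is written, so the approval or rejection reason would no longer be visible on the object. This looks like a side effect of the step that strips `description` keys from the generated manifest. That step should skip a `description` key whose parent is `properties`, so that `description:` with `type: string` stays in both places. The enclosing CRD starts outside these hunks.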
@@ -62706,21 +41394,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -62737,16 +41417,10 @@ spec: provisioningState: type: string subnet: - description: |- - Storage version of v1api20240301.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -62769,10 +41443,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: resourcegroups.resources.azure.com spec: conversion: @@ -62788,6 +41462,9 @@ spec: - v1 group: resources.azure.com names: + categories: + - azure + - resources kind: ResourceGroup listKind: ResourceGroupList plural: resourcegroups 
@@ -62811,74 +41488,33 @@ spec: name: v1api20200601 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json - - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 90 minLength: 1 type: string location: - description: |- - Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be - one of the supported Azure locations. type: string managedBy: - description: 'ManagedBy: The ID of the resource that manages this resource group.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -62886,29 +41522,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -62919,50 +41539,30 @@ spec: tags: additionalProperties: type: string - description: 'Tags: The tags attached to the resource group.' type: object required: - location type: object status: - description: Resource group information. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -62972,33 +41572,23 @@ spec: type: object type: array id: - description: 'Id: The ID of the resource group.' type: string location: - description: |- - Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be - one of the supported Azure locations. type: string managedBy: - description: 'ManagedBy: The ID of the resource that manages this resource group.' type: string name: - description: 'Name: The name of the resource group.' type: string properties: - description: 'Properties: The resource group properties.' properties: provisioningState: - description: 'ProvisioningState: The provisioning state.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: The tags attached to the resource group.' type: object type: - description: 'Type: The type of the resource group.' type: string type: object type: object 
@@ -63022,83 +41612,39 @@ spec: name: v1api20200601storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20200601.ResourceGroup - Generator information: - - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json - - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20200601.ResourceGroup_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string location: type: string managedBy: type: string operatorSpec: - description: |- - Storage version of v1api20200601.ResourceGroupOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63107,27 +41653,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63143,52 +41674,29 @@ spec: type: object type: object status: - description: |- - Storage version of v1api20200601.ResourceGroup_STATUS - Resource group information. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -63206,16 +41714,10 @@ spec: name: type: string properties: - description: |- - Storage version of v1api20200601.ResourceGroupProperties_STATUS - The resource group properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object provisioningState: type: string @@ -63238,10 +41740,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: virtualnetworks.network.azure.com spec: conversion: @@ -63257,6 +41759,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: VirtualNetwork listKind: VirtualNetworkList plural: virtualnetworks 
@@ -63280,102 +41785,62 @@ spec: name: v1api20201101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' 
type: string required: - virtualNetworkCommunity type: object ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' 
type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string 
@@ -63384,64 +41849,34 @@ spec: - type type: object ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -63449,29 +41884,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63480,84 +41899,54 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Virtual Network resource. properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: regionalCommunity: - description: 'RegionalCommunity: The BGP community associated with the region of the virtual network.' type: string virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -63567,74 +41956,52 @@ spec: type: object type: array ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: id: - description: 'Id: Resource ID.' type: string type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the virtual network resource.' type: string resourceGuid: - description: 'ResourceGuid: The resourceGuid property of the Virtual Network resource.' 
type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -63658,50 +42025,24 @@ spec: name: v1api20201101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20201101.VirtualNetwork - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20201101.VirtualNetwork_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20201101.AddressSpace - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: 
@@ -63709,70 +42050,40 @@ spec: type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: |- - Storage version of v1api20201101.VirtualNetworkBgpCommunities - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object virtualNetworkCommunity: type: string type: object ddosProtectionPlan: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object dhcpOptions: - description: |- - Storage version of v1api20201101.DhcpOptions - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -63784,16 +42095,10 @@ spec: enableVmProtection: type: boolean extendedLocation: - description: |- - Storage version of v1api20201101.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -63802,35 +42107,21 @@ spec: type: object ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -63838,40 +42129,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20201101.VirtualNetworkOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63880,27 +42150,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -63911,16 +42166,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object tags: 
@@ -63931,28 +42181,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20201101.VirtualNetwork_STATUS - Virtual Network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20201101.AddressSpace_STATUS - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: @@ -63960,16 +42198,10 @@ spec: type: array type: object bgpCommunities: - description: |- - Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object regionalCommunity: type: string 
@@ -63978,39 +42210,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -64020,32 +42235,19 @@ spec: type: object type: array ddosProtectionPlan: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object dhcpOptions: - description: |- - Storage version of v1api20201101.DhcpOptions_STATUS - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -64059,16 +42261,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20201101.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -64079,16 +42275,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -64130,106 +42320,62 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' 
type: string required: - virtualNetworkCommunity type: object ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean encryption: - description: |- - Encryption: Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted - VNet. 
properties: enabled: - description: 'Enabled: Indicates if encryption is enabled on the virtual network.' type: boolean enforcement: - description: |- - Enforcement: If the encrypted VNet allows VM that does not support encryption. This field is for future support, - AllowUnencrypted is the only supported value at general availability. enum: - AllowUnencrypted - DropUnencrypted 
@@ -64238,79 +42384,45 @@ spec: - enabled type: object extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object flowTimeoutInMinutes: - description: 'FlowTimeoutInMinutes: The FlowTimeout value (in minutes) for the Virtual Network' type: integer ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -64318,29 +42430,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -64349,20 +42445,14 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointVNetPolicies: - description: 'PrivateEndpointVNetPolicies: Private Endpoint VNet Policies.' enum: - Basic - Disabled 
@@ -64370,69 +42460,44 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Virtual Network resource. properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: regionalCommunity: - description: 'RegionalCommunity: The BGP community associated with the region of the virtual network.' type: string virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -64442,104 +42507,70 @@ spec: type: object type: array ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: id: - description: 'Id: Resource ID.' type: string type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean encryption: - description: |- - Encryption: Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted - VNet. properties: enabled: - description: 'Enabled: Indicates if encryption is enabled on the virtual network.' type: boolean enforcement: - description: |- - Enforcement: If the encrypted VNet allows VM that does not support encryption. This field is for future support, - AllowUnencrypted is the only supported value at general availability. type: string type: object etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object flowLogs: - description: 'FlowLogs: A collection of references to flow log resources.' items: - description: A flow log resource. 
properties: id: - description: 'Id: Resource ID.' type: string type: object type: array flowTimeoutInMinutes: - description: 'FlowTimeoutInMinutes: The FlowTimeout value (in minutes) for the Virtual Network' type: integer id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string privateEndpointVNetPolicies: - description: 'PrivateEndpointVNetPolicies: Private Endpoint VNet Policies.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the virtual network resource.' type: string resourceGuid: - description: 'ResourceGuid: The resourceGuid property of the Virtual Network resource.' type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -64563,50 +42594,24 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.VirtualNetwork - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.VirtualNetwork_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20240301.AddressSpace - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: 
@@ -64614,70 +42619,40 @@ spec: type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: |- - Storage version of v1api20240301.VirtualNetworkBgpCommunities - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object virtualNetworkCommunity: type: string type: object ddosProtectionPlan: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object dhcpOptions: - description: |- - Storage version of v1api20240301.DhcpOptions - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -64689,16 +42664,10 @@ spec: enableVmProtection: type: boolean encryption: - description: |- - Storage version of v1api20240301.VirtualNetworkEncryption - Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -64706,16 +42675,10 @@ spec: type: string type: object extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -64726,35 +42689,21 @@ spec: type: integer ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -64762,40 +42711,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20240301.VirtualNetworkOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -64804,27 +42732,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -64835,16 +42748,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointVNetPolicies: 
@@ -64857,28 +42765,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.VirtualNetwork_STATUS - Virtual Network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20240301.AddressSpace_STATUS - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: @@ -64886,16 +42782,10 @@ spec: type: array type: object bgpCommunities: - description: |- - Storage version of v1api20240301.VirtualNetworkBgpCommunities_STATUS - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object regionalCommunity: type: string 
@@ -64904,39 +42794,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -64946,32 +42819,19 @@ spec: type: object type: array ddosProtectionPlan: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object dhcpOptions: - description: |- - Storage version of v1api20240301.DhcpOptions_STATUS - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -64983,16 +42843,10 @@ spec: enableVmProtection: type: boolean encryption: - description: |- - Storage version of v1api20240301.VirtualNetworkEncryption_STATUS - Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -65002,16 +42856,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -65020,16 +42868,10 @@ spec: type: object flowLogs: items: - description: |- - Storage version of v1api20240301.FlowLog_STATUS_SubResourceEmbedded - A flow log resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -65041,16 +42883,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -65084,10 +42920,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: virtualnetworkssubnets.network.azure.com spec: conversion: 
@@ -65103,6 +42939,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: VirtualNetworksSubnet listKind: VirtualNetworksSubnetList plural: virtualnetworkssubnets 
@@ -65126,187 +42965,106 @@ spec: name: v1api20201101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIpConfigurations: - description: 'ApplicationGatewayIpConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: object type: array ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -65314,29 +43072,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -65345,93 +43087,63 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' enum: - Disabled - Enabled type: string privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' enum: - Disabled - Enabled type: string routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array 
@@ -65441,59 +43153,36 @@ spec: status: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIpConfigurations: - description: 'ApplicationGatewayIpConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -65503,171 +43192,118 @@ spec: type: object type: array delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: actions: - description: 'Actions: The actions permitted to the service upon delegation.' items: type: string type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the service delegation resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: - description: 'Type: Resource type.' type: string type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurationProfiles: - description: 'IpConfigurationProfiles: Array of IP configuration profiles which reference this subnet.' items: - description: IP configuration profile child resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurations: - description: |- - IpConfigurations: An array of references to the network interface IP configurations using subnet. This field is not - included if there are more than 2000 entries. items: - description: IP configuration. 
properties: id: - description: 'Id: Resource ID.' type: string type: object type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: id: - description: 'Id: Resource ID.' type: string type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' type: string privateEndpoints: - description: 'PrivateEndpoints: An array of references to private endpoints.' items: - description: Private endpoint resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the subnet resource.' type: string purpose: - description: |- - Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined - properties. type: string resourceNavigationLinks: - description: 'ResourceNavigationLinks: An array of references to the external resources using subnet.' items: - description: ResourceNavigationLink resource. properties: id: - description: 'Id: Resource navigation link identifier.' type: string type: object type: array routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: id: - description: 'Id: Resource ID.' 
type: string type: object serviceAssociationLinks: - description: 'ServiceAssociationLinks: An array of references to services injecting into this subnet.' items: - description: ServiceAssociationLink resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the service endpoint resource.' type: string service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -65691,38 +43327,18 @@ spec: name: v1api20201101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20201101.VirtualNetworksSubnet - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20201101.VirtualNetworksSubnet_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -65732,56 +43348,33 @@ spec: type: array applicationGatewayIpConfigurations: items: - description: |- - Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string delegations: items: - description: |- - Storage version of v1api20201101.Delegation - Details the service to which the subnet is delegated. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -65791,140 +43384,77 @@ spec: type: array ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: |- - Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object operatorSpec: - description: |- - Storage version of v1api20201101.VirtualNetworksSubnetOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -65933,27 +43463,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -65964,16 +43479,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: 
@@ -65981,85 +43491,51 @@ spec: privateLinkServiceNetworkPolicies: type: string routeTable: - description: |- - Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPropertiesFormat - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: @@ -66073,14 +43549,10 @@ spec: - owner type: object status: - description: Storage version of v1api20201101.VirtualNetworksSubnet_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -66090,16 +43562,10 @@ spec: type: array applicationGatewayIpConfigurations: items: - description: |- - Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66107,39 +43573,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -66150,16 +43599,10 @@ spec: type: array delegations: items: - description: |- - Storage version of v1api20201101.Delegation_STATUS - Details the service to which the subnet is delegated. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actions: items: @@ -66185,16 +43628,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66202,16 +43639,10 @@ spec: type: array ipConfigurationProfiles: items: - description: |- - Storage version of v1api20201101.IPConfigurationProfile_STATUS - IP configuration profile child resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66219,16 +43650,10 @@ spec: type: array ipConfigurations: items: - description: |- - Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66237,31 +43662,19 @@ spec: name: type: string natGateway: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object networkSecurityGroup: - description: |- - Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66270,16 +43683,10 @@ spec: type: string privateEndpoints: items: - description: |- - Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66293,48 +43700,30 @@ spec: type: string resourceNavigationLinks: items: - description: |- - Storage version of v1api20201101.ResourceNavigationLink_STATUS - ResourceNavigationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object type: array routeTable: - description: |- - Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object serviceAssociationLinks: items: - description: |- - Storage version of v1api20201101.ServiceAssociationLink_STATUS - ServiceAssociationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66342,16 +43731,10 @@ spec: type: array serviceEndpointPolicies: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66359,16 +43742,10 @@ spec: type: array serviceEndpoints: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: 
@@ -66404,192 +43781,108 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIPConfigurations: - description: 'ApplicationGatewayIPConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string defaultOutboundAccess: - description: |- - DefaultOutboundAccess: Set this property to false to disable default outbound connectivity for all VMs in the subnet. - This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. type: boolean delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: object type: array ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. 
- The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -66597,29 +43890,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -66628,20 +43905,14 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' enum: - Disabled - Enabled 
@@ -66649,105 +43920,69 @@ spec: - RouteTableEnabled type: string privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' enum: - Disabled - Enabled type: string routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array networkIdentifier: - description: 'NetworkIdentifier: SubResource as network identifier.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array sharingScope: - description: |- - SharingScope: Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. 
This - property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. enum: - DelegatedServices - Tenant 
@@ -66758,59 +43993,36 @@ spec: status: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIPConfigurations: - description: 'ApplicationGatewayIPConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -66820,188 +44032,127 @@ spec: type: object type: array defaultOutboundAccess: - description: |- - DefaultOutboundAccess: Set this property to false to disable default outbound connectivity for all VMs in the subnet. - This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. type: boolean delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: actions: - description: 'Actions: The actions permitted to the service upon delegation.' items: type: string type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the service delegation resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: - description: 'Type: Resource type.' type: string type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurationProfiles: - description: 'IpConfigurationProfiles: Array of IP configuration profiles which reference this subnet.' items: - description: IP configuration profile child resource. properties: id: - description: 'Id: Resource ID.' 
type: string type: object type: array ipConfigurations: - description: |- - IpConfigurations: An array of references to the network interface IP configurations using subnet. This field is not - included if there are more than 2000 entries. items: - description: IP configuration. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: id: - description: 'Id: Resource ID.' type: string type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' type: string privateEndpoints: - description: 'PrivateEndpoints: An array of references to private endpoints.' items: - description: Private endpoint resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the subnet resource.' type: string purpose: - description: |- - Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined - properties. type: string resourceNavigationLinks: - description: 'ResourceNavigationLinks: An array of references to the external resources using subnet.' items: - description: ResourceNavigationLink resource. 
properties: id: - description: 'Id: Resource navigation link identifier.' type: string type: object type: array routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object serviceAssociationLinks: - description: 'ServiceAssociationLinks: An array of references to services injecting into this subnet.' items: - description: ServiceAssociationLink resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array networkIdentifier: - description: 'NetworkIdentifier: SubResource as network identifier.' properties: id: - description: 'Id: Resource ID.' type: string type: object provisioningState: - description: 'ProvisioningState: The provisioning state of the service endpoint resource.' type: string service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array sharingScope: - description: |- - SharingScope: Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This - property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. type: string type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -67025,38 +44176,18 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.VirtualNetworksSubnet - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.VirtualNetworksSubnet_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -67066,58 +44197,35 @@ spec: type: array applicationGatewayIPConfigurations: items: - description: |- - Storage version of v1api20240301.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string defaultOutboundAccess: type: boolean delegations: items: - description: |- - Storage version of v1api20240301.Delegation - Details the service to which the subnet is delegated. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -67127,140 +44235,77 @@ spec: type: array ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: |- - Storage version of v1api20240301.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object operatorSpec: - description: |- - Storage version of v1api20240301.VirtualNetworksSubnetOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -67269,27 +44314,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -67300,16 +44330,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: 
@@ -67317,120 +44342,72 @@ spec: privateLinkServiceNetworkPolicies: type: string routeTable: - description: |- - Storage version of v1api20240301.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPropertiesFormat - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: type: string type: array networkIdentifier: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -67444,14 +44421,10 @@ spec: - owner type: object status: - description: Storage version of v1api20240301.VirtualNetworksSubnet_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string @@ -67461,16 +44434,10 @@ spec: type: array applicationGatewayIPConfigurations: items: - description: |- - Storage version of v1api20240301.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67478,39 +44445,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -67523,16 +44473,10 @@ spec: type: boolean delegations: items: - description: |- - Storage version of v1api20240301.Delegation_STATUS - Details the service to which the subnet is delegated. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actions: items: @@ -67558,16 +44502,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -67575,16 +44513,10 @@ spec: type: array ipConfigurationProfiles: items: - description: |- - Storage version of v1api20240301.IPConfigurationProfile_STATUS - IP configuration profile child resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -67592,16 +44524,10 @@ spec: type: array ipConfigurations: items: - description: |- - Storage version of v1api20240301.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67610,31 +44536,19 @@ spec: name: type: string natGateway: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object networkSecurityGroup: - description: |- - Storage version of v1api20240301.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -67643,16 +44557,10 @@ spec: type: string privateEndpoints: items: - description: |- - Storage version of v1api20240301.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67666,48 +44574,30 @@ spec: type: string resourceNavigationLinks: items: - description: |- - Storage version of v1api20240301.ResourceNavigationLink_STATUS - ResourceNavigationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object type: array routeTable: - description: |- - Storage version of v1api20240301.RouteTable_STATUS_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object serviceAssociationLinks: items: - description: |- - Storage version of v1api20240301.ServiceAssociationLink_STATUS - ServiceAssociationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -67715,16 +44605,10 @@ spec: type: array serviceEndpointPolicies: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67732,32 +44616,20 @@ spec: type: array serviceEndpoints: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPropertiesFormat_STATUS - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: type: string type: array networkIdentifier: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml index 5451c2bbc7e..28eed6383e9 100644 --- a/config/aso/kustomization.yaml +++ b/config/aso/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component namespace: capz-system resources: # The ASO version here is managed by `make generate-aso-crds` - - https://github.com/Azure/azure-service-operator/releases/download/v2.13.0/azureserviceoperator_v2.13.0.yaml + - https://github.com/Azure/azure-service-operator/releases/download/v2.16.0/azureserviceoperator_v2.16.0.yaml - crds.yaml - settings.yaml patches: @@ -12,6 +12,7 @@ patches: - path: patches/visualizer_label_in_fleetmembers.yaml - path: patches/visualizer_label_in_managedclusteragentpools.yaml - path: patches/visualizer_label_in_managed_clusters.yaml + - path: patches/visualizer_label_in_maintenanceconfigurations.yaml - path: patches/visualizer_label_in_natgateways.yaml - path: patches/visualizer_label_in_privateendpoints.yaml - path: patches/visualizer_label_in_resourcegroups.yaml 
@@ -30,24 +31,6 @@ patches: - op: replace # Users can specify additional ASO CRDs. CRDs should be appended with ';' path: /spec/template/spec/containers/0/args/6 value: --crd-pattern=${ADDITIONAL_ASO_CRDS:= } - - # ASO will provide a startupProbe starting in v2.14.0. - # These patches should be removed when the upstream probe is set. - - op: test - path: /spec/template/spec/containers/0/startupProbe - value: null - - op: add - path: /spec/template/spec/containers/0/startupProbe - value: - httpGet: - path: /healthz - port: 8081 - periodSeconds: 10 - failureThreshold: 12 - - op: remove - path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds - - op: remove - path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds target: group: apps kind: Deployment diff --git a/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml b/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml new file mode 100644 index 00000000000..cc259b67297 --- /dev/null +++ b/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml @@ -0,0 +1,7 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: "infrastructure" + name: maintenanceconfigurations.containerservice.azure.com diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml index f59a1dcbcba..0d42be1a6f3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml index 06329f87304..868a26fa32d 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml index 2adab5924f8..38181ff619d 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedcontrolplanes.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml index 01646cf9acc..de6de95d7cf 100644 
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml index 5a8eed710a8..856061a9ed3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedmachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml index 8c904d270ff..50317e61e93 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io 
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml index 11bdf91bcf8..06d441d0ae3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclusteridentities.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml index 35aa2c50612..e42c11a7ad9 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml index 73bc4c0937d..9301cac5d0c 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io 
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml index e139585838f..57717d1a289 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml index 0fabc3a2e1b..73bda3792ac 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml index a6e2f806590..95f9091a2a6 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachines.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io 
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml index f386e8e5565..43114f42036 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml index 8ebd036b496..581d2ea69cd 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml index bd4021fad6c..83a7532bc34 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml index aeb28ffdf17..52a6a235a09 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml index 4bd503e2b77..61580515f94 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml index 9468624fca2..08efd5ec9c4 100644 
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml index 111e9e90545..16cfd6993cb 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 547fa4c0f4e..f7769bc522b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -123,6 +123,7 @@ rules: - containerservice.azure.com resources: - fleetsmembers + - maintenanceconfigurations - managedclusters - managedclustersagentpools verbs: @@ -137,6 +138,7 @@ rules: - containerservice.azure.com resources: - fleetsmembers/status + - maintenanceconfigurations/status - managedclusters/status - managedclustersagentpools/status verbs: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 0a5a6197916..61947ed2d4d 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml 
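Review bot: In `config/rbac/role.yaml`, `maintenanceconfigurations` is appended to an existing `containerservice.azure.com` rule, so it receives that rule's whole verb list, which begins at `verbs:` and continues outside the hunk. It is worth confirming that the manager needs every one of those verbs on the new resource; if it needs fewer, a separate rule with the narrower set keeps the role at least privilege. The second hunk adds `maintenanceconfigurations/status` the same way. If this file is generated from RBAC markers, the narrowing belongs on the marker rather than in the YAML.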
@@ -11,9 +11,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster failurePolicy: Fail - name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -23,7 +24,7 @@ webhooks: - CREATE - UPDATE resources: - - azuremachinepools + - azureclusters sideEffects: None - admissionReviewVersions: - v1 @@ -32,10 +33,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate failurePolicy: Fail matchPolicy: Equivalent - name: default.azurecluster.infrastructure.cluster.x-k8s.io + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -45,7 +46,7 @@ webhooks: - CREATE - UPDATE resources: - - azureclusters + - azureclustertemplates sideEffects: None - admissionReviewVersions: - v1 @@ -54,10 +55,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine failurePolicy: Fail matchPolicy: Equivalent - name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + name: default.azuremachine.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -67,7 +68,7 @@ webhooks: - CREATE - UPDATE resources: - - azureclustertemplates + - azuremachines sideEffects: None - admissionReviewVersions: - v1 
@@ -76,10 +77,9 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachine.infrastructure.cluster.x-k8s.io + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -89,7 +89,7 @@ webhooks: - CREATE - UPDATE resources: - - azuremachines + - azuremachinepools sideEffects: None - admissionReviewVersions: - v1 @@ -225,27 +225,6 @@ webhooks: resources: - azuremachinepoolmachines sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool - failurePolicy: Fail - name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinepools - sideEffects: None - admissionReviewVersions: - v1 - v1beta1 @@ -394,6 +373,27 @@ webhooks: resources: - azuremachines sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None - admissionReviewVersions: - v1 - v1beta1 diff --git a/controllers/azureasomanagedcontrolplane_controller.go b/controllers/azureasomanagedcontrolplane_controller.go index 868bb7dff57..3072af2ca07 100644 --- a/controllers/azureasomanagedcontrolplane_controller.go 
+++ b/controllers/azureasomanagedcontrolplane_controller.go @@ -28,6 +28,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + apimachineryruntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/tools/clientcmd" "k8s.io/utils/ptr" clusterv1beta1 "sigs.k8s.io/cluster-api/api/core/v1beta1" @@ -346,7 +347,11 @@ func (r *AzureASOManagedControlPlaneReconciler) reconcileKubeconfig(ctx context. }, } - err = r.Patch(ctx, expectedSecret, client.Apply, client.FieldOwner("capz-manager"), client.ForceOwnership) + unstructuredMap, err := apimachineryruntime.DefaultUnstructuredConverter.ToUnstructured(expectedSecret) + if err != nil { + return nil, err + } + err = r.Apply(ctx, client.ApplyConfigurationFromUnstructured(&unstructured.Unstructured{Object: unstructuredMap}), client.FieldOwner("capz-manager"), client.ForceOwnership) if err != nil { return nil, err } diff --git a/controllers/azureasomanagedcontrolplane_controller_test.go b/controllers/azureasomanagedcontrolplane_controller_test.go index a3530acf752..20e7aacb1f5 100644 --- a/controllers/azureasomanagedcontrolplane_controller_test.go +++ b/controllers/azureasomanagedcontrolplane_controller_test.go 
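Review bot: In `reconcileKubeconfig`, both new failure paths return the bare `err`, so a caller cannot tell a conversion failure from a rejected apply of the kubeconfig Secret. Wrapping each keeps the failing step visible, e.g. `return nil, fmt.Errorf("converting kubeconfig secret to unstructured: %w", err)` and `return nil, fmt.Errorf("applying kubeconfig secret: %w", err)`, assuming `fmt` is already imported in this file. Because the object now goes through `ToUnstructured`, the apply presumably depends on `expectedSecret` carrying `apiVersion` and `kind`; it is built above the hunk, so that is worth confirming. The function starts and ends outside the hunk.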
@@ -302,20 +302,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: false, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfig := obj.(*corev1.Secret) - g.Expect(kubeconfig.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -328,11 +318,19 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(err).NotTo(HaveOccurred()) g.Expect(result).To(Equal(ctrl.Result{})) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.ControlPlaneEndpoint.Host).To(Equal("endpoint")) g.Expect(asoManagedControlPlane.Status.Version).To(Equal("vCurrent")) - g.Expect(kubeConfigPatched).To(BeTrue()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeTrue()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) }) t.Run("successfully reconciles a kubeconfig with a token", func(t *testing.T) { 
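Review bot: The block that builds `kubeconfigSecret`, fetches it with `r.Get` and checks `Data[secret.KubeconfigDataName]` is added here and again, line for line, in the hunk at `@@ -469,9 +446,23 @@`. A small test helper that takes the client, namespace and cluster name, performs the fetch and the non-empty check, and returns the Secret would keep the copies in step. Each test would then reduce to a call such as `kubeconfigSecret := mustGetKubeconfigSecret(ctx, g, r.Client, cluster.Namespace, cluster.Name)` followed by its own extra assertions, such as the token check; the helper name is only a suggestion. TestAzureASOManagedControlPlaneReconcile starts and ends outside the hunk.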
@@ -428,31 +426,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: false, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfigSecret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } - g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - - kubeconfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(kubeconfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { - return user.Exec == nil && - user.Token == "token" - }))) - - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -469,9 +446,23 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(result.Requeue).To(BeFalse()) //nolint:staticcheck g.Expect(result.RequeueAfter).NotTo(BeZero()) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) - g.Expect(kubeConfigPatched).To(BeTrue()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeTrue()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) + clientConfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(clientConfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { + return user.Exec == nil && + user.Token == "token" + }))) }) t.Run("successfully reconciles a kubeconfig with a token that has expired", func(t *testing.T) { 
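Review bot: The block added after `Status.Ready` that fetches the kubeconfig Secret, parses it and asserts `user.Exec == nil && user.Token == "token"` is repeated verbatim in the expired-token subtest (hunk at -607), and its Secret lookup appears a third time in the hunk at -328. These assertions are what checks that the written kubeconfig carries a static token and no exec credential plugin, so keeping them in one place stops a later edit from weakening one copy unnoticed. A file-level helper with a signature like `func expectKubeconfigToken(ctx context.Context, g *WithT, c client.Client, clusterName, namespace, token string)` would reduce each subtest to `expectKubeconfigToken(ctx, g, r, cluster.Name, cluster.Namespace, "token")`, assuming `g` is the usual `*WithT` and `r` satisfies `client.Client` through its embedded field. The subtest body starts outside the hunk.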
@@ -567,31 +558,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: true, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfigSecret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } - g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - - kubeconfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(kubeconfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { - return user.Exec == nil && - user.Token == "token" - }))) - - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -607,9 +577,23 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(err).NotTo(HaveOccurred()) g.Expect(result).To(Equal(ctrl.Result{Requeue: true})) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) - g.Expect(kubeConfigPatched).To(BeTrue()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeFalse()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) + clientConfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(clientConfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { + return user.Exec == nil && + user.Token == "token" + }))) }) t.Run("successfully reconciles pause", func(t *testing.T) { diff --git a/controllers/azuremanagedcontrolplane_controller.go b/controllers/azuremanagedcontrolplane_controller.go index 2f3728a5f21..967d9e51e9b 100644 --- a/controllers/azuremanagedcontrolplane_controller.go +++ b/controllers/azuremanagedcontrolplane_controller.go 
@@ -114,6 +114,8 @@ func (amcpr *AzureManagedControlPlaneReconciler) SetupWithManager(ctx context.Co // +kubebuilder:rbac:groups=network.azure.com,resources=privateendpoints/status;virtualnetworks/status;virtualnetworkssubnets/status,verbs=get;list;watch // +kubebuilder:rbac:groups=containerservice.azure.com,resources=fleetsmembers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=containerservice.azure.com,resources=fleetsmembers/status,verbs=get;list;watch +// +kubebuilder:rbac:groups=containerservice.azure.com,resources=maintenanceconfigurations,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=containerservice.azure.com,resources=maintenanceconfigurations/status,verbs=get;list;watch // +kubebuilder:rbac:groups=kubernetesconfiguration.azure.com,resources=extensions,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kubernetesconfiguration.azure.com,resources=extensions/status,verbs=get;list;watch diff --git a/controllers/azuremanagedmachinepool_reconciler.go b/controllers/azuremanagedmachinepool_reconciler.go index d5e06ee41aa..8bb7ca1f9e8 100644 --- a/controllers/azuremanagedmachinepool_reconciler.go +++ b/controllers/azuremanagedmachinepool_reconciler.go @@ -24,7 +24,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/pkg/errors" azprovider "sigs.k8s.io/cloud-provider-azure/pkg/provider" diff --git a/controllers/resource_reconciler.go b/controllers/resource_reconciler.go index 85d458e21ca..2a2dc47feab 100644 --- a/controllers/resource_reconciler.go +++ b/controllers/resource_reconciler.go 
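Review bot: The two added kubebuilder markers grant the manager `create;update;patch;delete` on `maintenanceconfigurations` with no namespace restriction, and nothing in this hunk says which reconciler writes that kind. The verb set copies the `fleetsmembers` marker above it, so it follows the file's pattern, but each write verb is worth confirming against actual use rather than inheriting it. A comment above the pair would record the reason, for example `// maintenanceconfigurations: written by <consumer - fill in>; write verbs needed for apply and cleanup`. The generated role manifest has to change together with these markers, which this hunk cannot show.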
@@ -103,7 +103,7 @@ func (r *ResourceReconciler) Pause(ctx context.Context) error { spec.SetNamespace(r.owner.GetNamespace()) gvk := spec.GroupVersionKind() log.V(4).Info("pausing resource", "resource", klog.KObj(spec), "resourceVersion", gvk.GroupVersion(), "resourceKind", gvk.Kind) - err := r.Patch(ctx, spec, client.Apply, client.FieldOwner("capz-manager")) + err := r.Apply(ctx, client.ApplyConfigurationFromUnstructured(spec), client.FieldOwner("capz-manager")) if client.IgnoreNotFound(err) != nil { return fmt.Errorf("failed to patch resource: %w", err) } @@ -157,7 +157,7 @@ func (r *ResourceReconciler) reconcile(ctx context.Context) error { gvk := spec.GroupVersionKind() log.V(4).Info("applying resource", "resource", klog.KObj(spec), "resourceVersion", gvk.GroupVersion(), "resourceKind", gvk.Kind) - err := r.Patch(ctx, spec, client.Apply, client.FieldOwner("capz-manager"), client.ForceOwnership) + err := r.Apply(ctx, client.ApplyConfigurationFromUnstructured(spec), client.FieldOwner("capz-manager"), client.ForceOwnership) if err != nil { return fmt.Errorf("failed to apply resource: %w", err) } diff --git a/controllers/resource_reconciler_test.go b/controllers/resource_reconciler_test.go index a8cbcd670ee..298b3da2872 100644 --- a/controllers/resource_reconciler_test.go +++ b/controllers/resource_reconciler_test.go 
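Review bot: In the `Pause` hunk the result of `r.Apply` is still passed through `client.IgnoreNotFound(err)`, but a server-side apply creates the object when it is absent, so NotFound no longer means "this resource has not been created yet". The updated Pause test in this commit expects `not-yet-created` to exist with the skip policy afterwards, which matches that reading. If NotFound can still come back here it is presumably for something like a missing namespace, and swallowing it would leave the resource unpaused with no error reported. Consider `if err != nil {` with the message `"failed to apply resource: %w"`, as the `reconcile` hunk below already does, or keep the filter and add a comment naming the NotFound case it covers. Both function bodies continue outside their hunks.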
@@ -17,14 +17,15 @@ limitations under the License. package controllers import ( - "context" "testing" asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" - "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" + asoannotations "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" "github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions" "github.com/go-logr/logr" . "github.com/onsi/gomega" + "github.com/onsi/gomega/gstruct" + "github.com/onsi/gomega/types" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -39,21 +40,6 @@ import ( infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" ) -type FakeClient struct { - client.Client - // Override the Patch method because controller-runtime's doesn't really support - // server-side apply, so we make our own dollar store version: - // https://github.com/kubernetes-sigs/controller-runtime/issues/2341 - patchFunc func(context.Context, client.Object, client.Patch, ...client.PatchOption) error -} - -func (c *FakeClient) Patch(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error { - if c.patchFunc == nil { - return c.Client.Patch(ctx, obj, patch, opts...) - } - return c.patchFunc(ctx, obj, patch, opts...) -} - type FakeWatcher struct { watching map[string]struct{} } 
@@ -97,21 +83,11 @@ func TestResourceReconcilerReconcile(t *testing.T) { g := NewGomegaWithT(t) w := &FakeWatcher{} - c := fakeClientBuilder(). - Build() asoManagedCluster := &infrav1.AzureASOManagedCluster{} - unpatchedRGs := map[string]struct{}{} r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { - g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) - delete(unpatchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder().Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -131,7 +107,6 @@ func TestResourceReconcilerReconcile(t *testing.T) { err := r.Reconcile(ctx) g.Expect(err).NotTo(HaveOccurred()) g.Expect(w.watching).To(BeEmpty()) - g.Expect(unpatchedRGs).To(BeEmpty()) // all expected resources were patched g.Expect(asoManagedCluster.Annotations).To(HaveKeyWithValue(ownedKindsAnnotation, getOwnedKindsValue([]schema.GroupVersionKind{asoresourcesv1.GroupVersion.WithKind("ResourceGroup")}))) resourcesStatuses := asoManagedCluster.Status.Resources @@ -140,6 +115,10 @@ func TestResourceReconcilerReconcile(t *testing.T) { g.Expect(resourcesStatuses[0].Ready).To(BeFalse()) g.Expect(resourcesStatuses[1].Resource.Name).To(Equal("rg2")) g.Expect(resourcesStatuses[1].Ready).To(BeFalse()) + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(BeEmpty(), "Resources should not have been created") }) t.Run("create resources with acknowledged types", func(t *testing.T) { 
@@ -154,22 +133,9 @@ func TestResourceReconcilerReconcile(t *testing.T) { } w := &FakeWatcher{} - c := fakeClientBuilder(). - Build() - unpatchedRGs := map[string]struct{}{ - "rg1": {}, - "rg2": {}, - } r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { - g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) - delete(unpatchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder().Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -206,7 +172,6 @@ func TestResourceReconcilerReconcile(t *testing.T) { err := r.Reconcile(ctx) g.Expect(err).NotTo(HaveOccurred()) g.Expect(w.watching).To(HaveKey("ResourceGroup.resources.azure.com")) - g.Expect(unpatchedRGs).To(BeEmpty()) // all expected resources were patched g.Expect(asoManagedCluster.Annotations).To(HaveKeyWithValue(ownedKindsAnnotation, getOwnedKindsValue([]schema.GroupVersionKind{asoresourcesv1.GroupVersion.WithKind("ResourceGroup")}))) resourcesStatuses := asoManagedCluster.Status.Resources @@ -215,6 +180,13 @@ func TestResourceReconcilerReconcile(t *testing.T) { g.Expect(resourcesStatuses[0].Ready).To(BeTrue()) g.Expect(resourcesStatuses[1].Resource.Name).To(Equal("rg2")) g.Expect(resourcesStatuses[1].Ready).To(BeFalse()) + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(ConsistOf( + HaveField("Name", "rg1"), + HaveField("Name", "rg2"), + ), "Expected ResourceGroups should have been created") }) t.Run("delete stale resources", func(t *testing.T) { 
@@ -270,17 +242,10 @@ func TestResourceReconcilerReconcile(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -391,24 +356,10 @@ func TestResourceReconcilerPause(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - - var patchedRGs []string r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { - g.Expect(o.GetAnnotations()).To(HaveKeyWithValue(annotations.ReconcilePolicy, string(annotations.ReconcilePolicySkip))) - if err := c.Get(ctx, client.ObjectKeyFromObject(o), &asoresourcesv1.ResourceGroup{}); err != nil { - // propagate errors like "NotFound" - return err - } - patchedRGs = append(patchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ 
@@ -430,7 +381,24 @@ func TestResourceReconcilerPause(t *testing.T) { } g.Expect(r.Pause(ctx)).To(Succeed()) - g.Expect(patchedRGs).To(ConsistOf("rg1", "rg2")) + + haveNameAndAnnotations := func(name string, haveAnnotations types.GomegaMatcher) types.GomegaMatcher { + return gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ + "ObjectMeta": gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ + "Name": Equal(name), + "Annotations": haveAnnotations, + }), + }) + } + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(ConsistOf( + haveNameAndAnnotations("deleted from spec", BeEmpty()), + haveNameAndAnnotations("not-yet-created", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + haveNameAndAnnotations("rg1", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + haveNameAndAnnotations("rg2", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + ), "Expected ResourceGroups should have been updated") }) } @@ -495,14 +463,10 @@ func TestResourceReconcilerDelete(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), owner: owner, } @@ -530,14 +494,9 @@ func TestResourceReconcilerDelete(t *testing.T) { }, } - c := fakeClientBuilder(). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - }, - owner: owner, + Client: fakeClientBuilder().Build(), + owner: owner, } g.Expect(r.Delete(ctx)).To(Succeed()) diff --git a/docs/book/src/developers/development.md b/docs/book/src/developers/development.md index 372234f27c0..0b9b3c41f6e 100644 --- a/docs/book/src/developers/development.md +++ b/docs/book/src/developers/development.md 
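Review bot: The `ConsistOf` list added after `r.Pause(ctx)` pins two outcomes that are only explained by object names: `"deleted from spec"` must keep empty annotations, and `"not-yet-created"` must exist and carry the skip policy. The second differs from what the removed `patchFunc` of this subtest modelled, since that returned the `Get` error for objects that did not exist, so a reader cannot tell whether creating the object on pause is intended. A short comment above the list would settle it, for example `// Pause applies every entry in r.resources, so "not-yet-created" is created with the skip policy;` and `// "deleted from spec" is not in r.resources and is left untouched.` The wording should be confirmed against the fixture, which sits outside the hunk.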
@@ -143,6 +143,8 @@ Install [Helm](https://helm.sh/docs/intro/install/): You would require installation of Helm for successfully setting up Tilt. +Install the [Azure CLI][azure_cli] if you use Tilt workflows that invoke `az` against Azure (for example VNet peering when using an AKS management cluster with an internal load balancer; see [Tilt with AKS as management cluster (ILB)](tilt-with-aks-as-mgmt-ilb.md)). `make tilt-up` runs `make check-az-cli` first; if `az` is missing, it prints a warning that asks you to install the CLI and fix your `PATH` before continuing with Tilt. To print the resolved `az` path when it is installed, run `VERBOSE=1 make check-az-cli`. + ### Using Tilt Both of the [Tilt](https://tilt.dev) setups below will get you started developing CAPZ in a local kind cluster. @@ -401,7 +403,7 @@ export CONTROL_PLANE_MACHINE_COUNT=3 export AZURE_CONTROL_PLANE_MACHINE_TYPE="Standard_B2s" export AZURE_NODE_MACHINE_TYPE="Standard_B2s" export WORKER_MACHINE_COUNT=2 -export KUBERNETES_VERSION="v1.33.6" +export KUBERNETES_VERSION="v1.35.4" # Identity secret. export AZURE_CLUSTER_IDENTITY_SECRET_NAME="cluster-identity-secret" diff --git a/docs/book/src/developers/getting-started-with-capi-operator.md b/docs/book/src/developers/getting-started-with-capi-operator.md index 16e3f475a4b..c3e6d472813 100644 --- a/docs/book/src/developers/getting-started-with-capi-operator.md +++ b/docs/book/src/developers/getting-started-with-capi-operator.md @@ -120,9 +120,9 @@ helm install cert-manager jetstack/cert-manager --namespace cert-manager --creat Create a `values.yaml` file for the CAPI Operator Helm chart like so: ```yaml -core: "cluster-api:v1.12.4" +core: "cluster-api:v1.13.1" infrastructure: "azure:v1.17.2" -addon: "helm:v0.6.1" +addon: "helm:v0.6.2" manager: featureGates: core: diff --git a/docs/book/src/developers/releasing.md b/docs/book/src/developers/releasing.md index ca2399ded8e..e8b7084cdcc 100644 --- a/docs/book/src/developers/releasing.md 
+++ b/docs/book/src/developers/releasing.md @@ -117,9 +117,9 @@ This will automatically create a PR in [k8s.io](https://github.com/kubernetes/k8 For reviewers of the above-created PR, to confirm that the resultant image SHA-to-tag addition is valid, you can check against the [staging repository][staging-repository]. -Using [the above example PR](https://github.com/kubernetes/k8s.io/pull/4284), to verify that the image identified by SHA `d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053` has the expected `v1.4.3`, tag, you would inspect the image metadata by viewing it in the Google Container Registry UI: +Using [the above example PR](https://github.com/kubernetes/k8s.io/pull/4284), to verify that the image identified by SHA `d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053` has the expected `v1.4.3`, tag, you would inspect the image metadata by viewing it in the Google Artifact Registry UI: -- https://console.cloud.google.com/gcr/images/k8s-staging-cluster-api-azure/global/cluster-api-azure-controller@sha256:d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053 +- https://console.cloud.google.com/artifacts/docker/k8s-staging-cluster-api-azure/us/gcr.io/cluster-api-azure-controller ### 6. Release in GitHub (maintainer) @@ -171,7 +171,7 @@ Open a pull request to update the branches in the [weekly security scan workflow [semver]: https://semver.org/#semantic-versioning-200 [template]: /docs/release-notes-template.md [versioning]: #versioning -[staging-repository]: https://console.cloud.google.com/gcr/images/k8s-staging-cluster-api-azure/GLOBAL/cluster-api-azure-controller?rImageListsize=30 +[staging-repository]: https://console.cloud.google.com/artifacts/docker/k8s-staging-cluster-api-azure/us/gcr.io/cluster-api-azure-controller ## Post release steps (maintainer) diff --git a/docs/book/src/managed/managedcluster.md b/docs/book/src/managed/managedcluster.md index 0f8f5a798f1..9fee3e02b44 100644 
--- a/docs/book/src/managed/managedcluster.md +++ b/docs/book/src/managed/managedcluster.md @@ -40,7 +40,7 @@ executing clusterctl. # Kubernetes values export CLUSTER_NAME="my-cluster" export WORKER_MACHINE_COUNT=2 -export KUBERNETES_VERSION="v1.33.6" +export KUBERNETES_VERSION="v1.35.4" # Azure values export AZURE_LOCATION="southcentralus" @@ -357,7 +357,7 @@ spec: resourceGroupName: foo-bar sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} subscriptionID: 00000000-0000-0000-0000-000000000000 # fake uuid - version: v1.33.6 + version: v1.35.4 identity: type: UserAssigned userAssignedIdentityResourceID: /subscriptions/00000000-0000-0000-0000-00000000/resourcegroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/ diff --git a/docs/book/src/topics/aso.md b/docs/book/src/topics/aso.md index e9513abde6a..0f2f3871bd6 100644 --- a/docs/book/src/topics/aso.md +++ b/docs/book/src/topics/aso.md @@ -68,7 +68,7 @@ For example, to install all the CRDs of `cache.azure.com` and `MongodbDatabase.d CAPZ's installation of ASO configures only the ASO CRDs that are required by CAPZ. To make more resource types available, export `ADDITIONAL_ASO_CRDS` and then upgrade CAPZ. For example, to install the all CRDs of `cache.azure.com` and `MongodbDatabase.documentdb.azure.com`, follow these steps: - `export ADDITIONAL_ASO_CRDS="cache.azure.com/*;documentdb.azure.com/MongodbDatabase"` -- continue with the upgrade of CAPZ as specified [here](https://cluster-api.sigs.k8s.io/tasks/upgrading-cluster-api-versions.html?highlight=upgrade#when-to-upgrade] +- continue with the upgrade of CAPZ as specified [here](https://cluster-api.sigs.k8s.io/tasks/upgrading-cluster-api-versions.html?highlight=upgrade#when-to-upgrade) You will see that the `--crd-pattern` in Azure Service Operator's Deployment (in the `capz-system` namespace) looks like below: ``` diff --git a/exp/api/v1beta1/azuremachinepool_test.go b/exp/api/v1beta1/azuremachinepool_test.go index 12bed0d3018..3e8e849cd4c 100644 
--- a/exp/api/v1beta1/azuremachinepool_test.go +++ b/exp/api/v1beta1/azuremachinepool_test.go @@ -24,6 +24,7 @@ import ( infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" + expwebhooks "sigs.k8s.io/cluster-api-provider-azure/internal/exp/webhooks" ) func TestAzureMachinePool_Validate(t *testing.T) { @@ -249,7 +250,7 @@ func TestAzureMachinePool_Validate(t *testing.T) { // Don't add t.Parallel() here or the test will fail. g := gomega.NewGomegaWithT(t) amp := c.Factory(g) - actualErr := amp.Validate(nil, nil) + actualErr := expwebhooks.ValidateAzureMachinePool(nil, amp, nil) c.Expect(g, actualErr) }) } diff --git a/exp/api/v1beta1/zz_generated.deepcopy.go b/exp/api/v1beta1/zz_generated.deepcopy.go index 2083b59c5b5..6c0af75a80f 100644 --- a/exp/api/v1beta1/zz_generated.deepcopy.go +++ b/exp/api/v1beta1/zz_generated.deepcopy.go @@ -22,7 +22,7 @@ package v1beta1 import ( "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" + runtime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" apiv1beta1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" corev1beta1 "sigs.k8s.io/cluster-api/api/core/v1beta1" diff --git a/exp/controllers/azuremachinepool_reconciler.go b/exp/controllers/azuremachinepool_reconciler.go index 8529eed9829..3a6680700b6 100644 --- a/exp/controllers/azuremachinepool_reconciler.go +++ b/exp/controllers/azuremachinepool_reconciler.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/cluster-api-provider-azure/azure/services/roleassignments" "sigs.k8s.io/cluster-api-provider-azure/azure/services/scalesets" "sigs.k8s.io/cluster-api-provider-azure/azure/services/tags" + apiinternalexp "sigs.k8s.io/cluster-api-provider-azure/internal/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/util/tele" ) 
@@ -73,7 +74,7 @@ func (s *azureMachinePoolService) Reconcile(ctx context.Context) error { defer done() // Ensure that the deprecated networking field values have been migrated to the new NetworkInterfaces field. - s.scope.AzureMachinePool.SetNetworkInterfacesDefaults() + apiinternalexp.SetNetworkInterfacesDefaults(s.scope.AzureMachinePool) if err := s.scope.SetSubnetName(); err != nil { return errors.Wrap(err, "failed defaulting subnet name") diff --git a/go.mod b/go.mod index cd9cfd2fe55..a3af15a4ced 100644 --- a/go.mod +++ b/go.mod @@ -1,18 +1,11 @@ module sigs.k8s.io/cluster-api-provider-azure -go 1.24.6 +go 1.25.0 -toolchain go1.24.13 - -// Workaround for prometheus/common v0.66.0+ breaking change that causes panic -// in cluster-api test framework's TextParser usage. Pin prometheus dependencies -// to versions compatible with otel/exporters/prometheus v0.59.1. -// See: https://github.com/prometheus/common/releases/tag/v0.66.0 -// Remove this once cluster-api/test is updated to use NewTextParser(). -replace github.com/prometheus/otlptranslator => github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f +toolchain go1.25.9 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 
@@ -26,7 +19,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresourcehealth v1.3.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0
- github.com/Azure/azure-service-operator/v2 v2.13.0
+ github.com/Azure/azure-service-operator/v2 v2.16.0
 github.com/Azure/msi-dataplane v0.4.3
 github.com/asaskevich/govalidator/v11 v11.0.2-0.20250122183457-e11347878e23
 github.com/blang/semver v3.5.1+incompatible
@@ -36,36 +29,36 @@ require (
 github.com/google/uuid v1.6.0
 github.com/hashicorp/go-retryablehttp v0.7.8
 github.com/hashicorp/golang-lru v1.0.2
- github.com/onsi/ginkgo/v2 v2.28.1
- github.com/onsi/gomega v1.39.1
+ github.com/onsi/ginkgo/v2 v2.28.3
+ github.com/onsi/gomega v1.40.0
 github.com/pkg/errors v0.9.1
 github.com/pkg/sftp v1.13.10
- github.com/prometheus/client_golang v1.23.0
+ github.com/prometheus/client_golang v1.23.2
 github.com/spf13/pflag v1.0.10
- go.opentelemetry.io/otel v1.41.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0
- go.opentelemetry.io/otel/exporters/prometheus v0.59.1
- go.opentelemetry.io/otel/sdk v1.41.0
- go.opentelemetry.io/otel/sdk/metric v1.41.0
- go.opentelemetry.io/otel/trace v1.41.0
+ go.opentelemetry.io/otel v1.43.0
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
+ go.opentelemetry.io/otel/exporters/prometheus v0.65.0
+ go.opentelemetry.io/otel/sdk v1.43.0
+ go.opentelemetry.io/otel/sdk/metric v1.43.0
+ go.opentelemetry.io/otel/trace v1.43.0
 go.uber.org/mock v0.6.0
- golang.org/x/crypto v0.48.0
+ golang.org/x/crypto v0.50.0
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
- golang.org/x/mod v0.33.0
- golang.org/x/text v0.34.0
+ golang.org/x/mod v0.35.0
+ golang.org/x/text v0.36.0
 gopkg.in/yaml.v3 v3.0.1
- k8s.io/api v0.34.3
- k8s.io/apimachinery v0.34.3
- k8s.io/client-go v0.34.3
- k8s.io/cluster-bootstrap v0.34.2
- k8s.io/component-base v0.34.3
+ k8s.io/api v0.35.4
+ k8s.io/apimachinery v0.35.4
+ k8s.io/client-go v0.35.4
+ k8s.io/cluster-bootstrap v0.35.4
+ k8s.io/component-base v0.35.4
 k8s.io/klog/v2 v2.130.1
 k8s.io/kubectl v0.34.2
- k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d
+ k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
 sigs.k8s.io/cloud-provider-azure v1.34.3
- sigs.k8s.io/cluster-api v1.12.4
- sigs.k8s.io/cluster-api/test v1.12.4
- sigs.k8s.io/controller-runtime v0.22.5
+ sigs.k8s.io/cluster-api v1.13.1
+ sigs.k8s.io/cluster-api/test v1.13.1
+ sigs.k8s.io/controller-runtime v0.23.3
 sigs.k8s.io/kind v0.31.0
 )
@@ -73,7 +66,7 @@ require (
 al.essio.dev/pkg/shellescape v1.5.1 // indirect
 cel.dev/expr v0.25.1 // indirect
 dario.cat/mergo v1.0.1 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.4.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6 v6.6.0 // indirect
@@ -89,9 +82,8 @@ require (
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/semver/v3 v3.4.0 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
- github.com/Microsoft/go-winio v0.5.0 // indirect
+ github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/NYTimes/gziphandler v1.1.1 // indirect
- github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 github.com/adrg/xdg v0.5.3 // indirect
 github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 github.com/benbjohnson/clock v1.3.5 // indirect
@@ -99,45 +91,42 @@ require (
 github.com/blang/semver/v4 v4.0.0 // indirect
 github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/cloudflare/circl v1.6.3 // indirect
 github.com/containerd/errdefs v1.0.0 // indirect
 github.com/containerd/errdefs/pkg v0.3.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/distribution/reference v0.6.0 // indirect
- github.com/docker/docker v28.5.2+incompatible // indirect
- github.com/docker/go-connections v0.6.0 // indirect
- github.com/docker/go-units v0.4.0 // indirect
+ github.com/docker/go-connections v0.7.0 // indirect
+ github.com/docker/go-units v0.5.0 // indirect
 github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
 github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 github.com/fatih/camelcase v1.0.0 // indirect
- github.com/fatih/color v1.18.0 // indirect
+ github.com/fatih/color v1.19.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fsnotify/fsnotify v1.9.0 // indirect
 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-openapi/jsonpointer v0.21.2 // indirect
+ github.com/go-openapi/jsonpointer v0.22.1 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.1 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.1 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/gobuffalo/flect v1.0.3 // indirect
- github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 github.com/google/btree v1.1.3 // indirect
 github.com/google/cel-go v0.26.1 // indirect
 github.com/google/gnostic-models v0.7.0 // indirect
- github.com/google/go-github/v53 v53.2.0 // indirect
- github.com/google/go-querystring v1.1.0 // indirect
- github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
+ github.com/google/go-github/v82 v82.0.0 // indirect
+ github.com/google/go-querystring v1.2.0 // indirect
+ github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
- github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/jellydator/ttlcache/v3 v3.3.0 // indirect
+ github.com/jellydator/ttlcache/v3 v3.4.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kr/fs v0.1.0 // indirect
@@ -150,8 +139,9 @@ require (
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
- github.com/moby/spdystream v0.5.0 // indirect
- github.com/moby/sys/sequential v0.6.0 // indirect
+ github.com/moby/moby/api v1.54.2 // indirect
+ github.com/moby/moby/client v0.4.1 // indirect
+ github.com/moby/spdystream v0.5.1 // indirect
 github.com/moby/term v0.5.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
@@ -163,58 +153,58 @@ require ( github.com/olekukonko/ll v0.1.1 // indirect github.com/olekukonko/tablewriter v1.0.9 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.2 // indirect + github.com/opencontainers/image-spec v1.1.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.2.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.65.0 // indirect + github.com/prometheus/common v0.67.5 // indirect github.com/prometheus/otlptranslator v1.0.0 // indirect - github.com/prometheus/procfs v0.19.2 // indirect + github.com/prometheus/procfs v0.20.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rotisserie/eris v0.5.4 // indirect github.com/sagikazarmark/locafero v0.11.0 // indirect - github.com/samber/lo v1.51.0 // indirect + github.com/samber/lo v1.52.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect github.com/spf13/afero v1.15.0 // indirect github.com/spf13/cast v1.10.0 // indirect - github.com/spf13/cobra v1.10.1 // indirect + github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/viper v1.21.0 // indirect github.com/stoewer/go-strcase v1.3.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/valyala/fastjson v1.6.4 // indirect + github.com/valyala/fastjson v1.6.10 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect - 
go.opentelemetry.io/otel/metric v1.41.0 // indirect - go.opentelemetry.io/proto/otlp v1.9.0 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/proto/otlp v1.10.0 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.50.0 // indirect - golang.org/x/oauth2 v0.35.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.41.0 // indirect - golang.org/x/term v0.40.0 // indirect - golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.41.0 // indirect + golang.org/x/net v0.53.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/term v0.42.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.44.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect - google.golang.org/grpc v1.79.1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/grpc v1.80.0 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/apiextensions-apiserver v0.34.3 // indirect - k8s.io/apiserver v0.34.3 // indirect + k8s.io/apiextensions-apiserver v0.35.4 // indirect + k8s.io/apiserver v0.35.4 // indirect k8s.io/cli-runtime v0.34.2 // indirect k8s.io/cloud-provider v0.34.0 // indirect k8s.io/component-helpers v0.34.2 // indirect - k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect + k8s.io/kube-openapi 
v0.0.0-20250910181357-589584f1c912 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 // indirect sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 // indirect @@ -222,6 +212,6 @@ require ( sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index bd2f13ecee0..9e1004e1d01 100644 --- a/go.sum +++ b/go.sum 
@@ -6,20 +6,22 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEBnvU96bKHy6LjRsY4E28= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 h1:jHb/wfvRikGdxMXYV3QG/SzUOPYN9KEUUuC0Yd0/vC0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1/go.mod h1:pzBXCYn05zvYIrwLgtK8Ap8QcjRg+0i76tMQdWN6wOk= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 h1:fhqpLE3UEXi9lPaBRpQ6XuRW0nU7hgg4zlmZZa+a9q4= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0/go.mod h1:7dCRMLwisfRH3dBupKeNCioWYUZ4SS09Z14H+7i8ZoY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2 v2.1.0 h1:WYADp5XlioccEnBBK9sVUaHVno76l7WeTcWCumN86kM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2 v2.1.0/go.mod h1:PK8v1aAd2Wx6eTcbUYhYstGpspqNqhZYiM8GLFdq2A0= 
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappconfiguration v1.1.1 h1:iRc20pGuVlc1HwRO2bg0m1tfP9rkPB0K88trl8Fei2w= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappconfiguration v1.1.1/go.mod h1:21Lewei+tg5zp5xmyOxfDY//2tBvWQXee0UoM8xZjr8= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 h1:Hp+EScFOu9HeCbeW8WU2yQPJd4gGwhMgKxWe+G6jNzw= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0/go.mod h1:/pz8dyNQe+Ey3yBp/XuYz7oqX8YDNWVpPB0hH3XWfbc= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices v1.8.0 h1:ZMGAqCZov8+7iFUPWKVcTaLgNXUeTlz20sIuWkQWNfg= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices v1.8.0/go.mod h1:BElPQ/GZtrdQ2i5uDZw3OKLE1we75W0AEWyeBR1TWQA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.4.0 h1:z7Mqz6l0EFH549GvHEqfjKvi+cRScxLWbaoeLm9wxVQ= 
@@ -81,8 +83,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresource github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresourcehealth v1.3.0/go.mod h1:AN7AudLmrOvJlt7ormR1M5splG0TkZ4xyAqEIMIwTB0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.3.0 h1:HpCtTs500PzKoBWKBLZVFEG9Zh20f7cAFbWj8D9JWkg= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.3.0/go.mod h1:3uruTckNIGQ4iNsvAs/qrLgWBoS1pA7pCzHFmTFU+LU= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.4.0 h1:zBdabY8pMSMLPb1XJnFSEdJi9Bd0h+VMjh1uU8B6Yp8= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.4.0/go.mod h1:Y2Q3nB3UfSnG9nALOpPAjflXPM3jL/n2ZmYIu2Occ9g= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus v1.2.0 h1:jngSeKBnzC7qIk3rvbWHsLI7eeasEucORHWr2CHX0Yg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus v1.2.0/go.mod h1:1YXAxWw6baox+KafeQU2scy21/4IHvqXoIJuCpcvpMQ= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/signalr/armsignalr v1.2.0 h1:Y8CF7FyuVVDyX5W6Azwjj3PpwUZVbXBOCyQytv/0QEA= 
@@ -97,8 +99,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 h1:nCYfg github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0/go.mod h1:ucUjca2JtSZboY8IoUqyQyuuXvwbMBVwFOm0vdQPNhA= github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0 h1:RTTsXUJWn0jumeX62Mb153wYXykqnrzYBYDeHp0kiuk= github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0/go.mod h1:k4MMjrPHIEK+umaMGk1GNLgjEybJZ9mHSRDZ+sDFv3Y= -github.com/Azure/azure-service-operator/v2 v2.13.0 h1:24xDkuGOjSDKKkthECRo/I76slmlt3u0buYQ4rvX3pQ= -github.com/Azure/azure-service-operator/v2 v2.13.0/go.mod h1:3xfZMZm4yjdcjr3lh1kWqP2dtvZS/nCy7wpNERYDatg= +github.com/Azure/azure-service-operator/v2 v2.16.0 h1:dQhwA4Bnvqfxyd+IGCFyHP/s5Q1e0oGj8d209qRBeXY= +github.com/Azure/azure-service-operator/v2 v2.16.0/go.mod h1:fOuOu1LCm69WQg48nTyW+1juzzucKQvOcqs9OFM47bg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/msi-dataplane v0.4.3 h1:dWPWzY4b54tLIR9T1Q014Xxd/1DxOsMIp6EjRFAJlQY= 
@@ -117,12 +119,10 @@ github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= -github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU= -github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78= github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= 
@@ -139,32 +139,26 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8= -github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.30 h1:ljZNPGgna+4yKv81gfkvkgLEWdtz0NjBR1glaiPI140= -github.com/coredns/corefile-migration v1.0.30/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= 
+github.com/coredns/corefile-migration v1.0.31 h1:f7WGhY8M2Jn8P2dVO0p7wSQ1QKsMARl6WEyUjCb/V38= +github.com/coredns/corefile-migration v1.0.31/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 
@@ -173,12 +167,10 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= -github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= -github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= -github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= +github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= +github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= +github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 h1:7QPwrLT79GlD5sizHf27aoY2RTvw62mO6x7mxkScNk0= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46/go.mod h1:esf2rsHFNlZlxsqsZDojNBcnNs5REqIvRrWRHqX0vEU= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= 
@@ -189,8 +181,8 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= 
@@ -216,14 +208,16 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA= -github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= +github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= +github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= -github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU= -github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= +github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU= +github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= +github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= +github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= 
@@ -249,26 +243,24 @@ github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PU github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= -github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-github/v82 v82.0.0 h1:OH09ESON2QwKCUVMYmMcVu1IFKFoaZHwqYaUtr/MVfk= +github.com/google/go-github/v82 v82.0.0/go.mod h1:hQ6Xo0VKfL8RZ7z1hSfB4fvISg0QqHOqe9BP0qo+WvM= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 
h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= 
@@ -291,12 +283,12 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.4 h1:9wKznZrhWa2QiHL+NjTSPP6yjl3451BX3imWDnokYlg= -github.com/jackc/pgx/v5 v5.7.4/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ= +github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= +github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= -github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc= -github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw= +github.com/jellydator/ttlcache/v3 v3.4.0 h1:YS4P125qQS0tNhtL6aeYkheEaB/m8HCqdMMP4mnWdTY= +github.com/jellydator/ttlcache/v3 v3.4.0/go.mod h1:Hw9EgjymziQD3yGsQdf1FqFdpp7YjFMd4Srg5EJlgD4= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= 
@@ -305,8 +297,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU= github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= 
@@ -335,20 +325,38 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/microsoft/go-mssqldb v1.8.0 h1:7cyZ/AT7ycDsEoWPIXibd+aVKFtteUNhDGf3aobP+tw= -github.com/microsoft/go-mssqldb v1.8.0/go.mod h1:6znkekS3T2vp0waiMhen4GPU1BiAsrP+iXHcE7a7rFo= +github.com/microsoft/go-mssqldb v1.9.3 h1:hy4p+LDC8LIGvI3JATnLVmBOLMJbmn5X400mr5j0lPs= +github.com/microsoft/go-mssqldb v1.9.3/go.mod h1:GBbW9ASTiDC+mpgWDGKdm3FnFLTUsLYN3iFL90lQ+PA= +github.com/microsoft/kiota-abstractions-go v1.9.3 h1:cqhbqro+VynJ7kObmo7850h3WN2SbvoyhypPn8uJ1SE= +github.com/microsoft/kiota-abstractions-go v1.9.3/go.mod h1:f06pl3qSyvUHEfVNkiRpXPkafx7khZqQEb71hN/pmuU= +github.com/microsoft/kiota-authentication-azure-go v1.3.1 h1:AGta92S6IL1E6ZMDb8YYB7NVNTIFUakbtLKUdY5RTuw= +github.com/microsoft/kiota-authentication-azure-go v1.3.1/go.mod h1:26zylt2/KfKwEWZSnwHaMxaArpbyN/CuzkbotdYXF0g= +github.com/microsoft/kiota-http-go v1.5.4 h1:wSUmL1J+bTQlAWHjbRkSwr+SPAkMVYeYxxB85Zw0KFs= +github.com/microsoft/kiota-http-go v1.5.4/go.mod h1:L+5Ri+SzwELnUcNA0cpbFKp/pBbvypLh3Cd1PR6sjx0= +github.com/microsoft/kiota-serialization-form-go v1.1.2 h1:SD6MATqNw+Dc5beILlsb/D87C36HKC/Zw7l+N9+HY2A= +github.com/microsoft/kiota-serialization-form-go v1.1.2/go.mod h1:m4tY2JT42jAZmgbqFwPy3zGDF+NPJACuyzmjNXeuHio= +github.com/microsoft/kiota-serialization-json-go v1.1.2 h1:eJrPWeQ665nbjO0gsHWJ0Bw6V/ZHHU1OfFPaYfRG39k= +github.com/microsoft/kiota-serialization-json-go v1.1.2/go.mod h1:deaGt7fjZarywyp7TOTiRsjfYiyWxwJJPQZytXwYQn8= +github.com/microsoft/kiota-serialization-multipart-go v1.1.2 h1:1pUyA1QgIeKslQwbk7/ox1TehjlCUUT3r1f8cNlkvn4= +github.com/microsoft/kiota-serialization-multipart-go v1.1.2/go.mod 
h1:j2K7ZyYErloDu7Kuuk993DsvfoP7LPWvAo7rfDpdPio= +github.com/microsoft/kiota-serialization-text-go v1.1.3 h1:8z7Cebn0YAAr++xswVgfdxZjnAZ4GOB9O7XP4+r5r/M= +github.com/microsoft/kiota-serialization-text-go v1.1.3/go.mod h1:NDSvz4A3QalGMjNboKKQI9wR+8k+ih8UuagNmzIRgTQ= +github.com/microsoftgraph/msgraph-sdk-go v1.87.0 h1:N+BSwQggS4aC/WsImtwJ+FijMUm4RisOvYQx7j5PGtk= +github.com/microsoftgraph/msgraph-sdk-go v1.87.0/go.mod h1:UdZWxbZiFvjPug9DYayD90JNiHjXyNRA39lEpcy3Kms= +github.com/microsoftgraph/msgraph-sdk-go-core v1.4.0 h1:0SrIoFl7TQnMRrsi5TFaeNe0q8KO5lRzRp4GSCCL2So= +github.com/microsoftgraph/msgraph-sdk-go-core v1.4.0/go.mod h1:A1iXs+vjsRjzANxF6UeKv2ACExG7fqTwHHbwh1FL+EE= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= -github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= -github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= -github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= -github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= +github.com/moby/moby/api v1.54.2 h1:wiat9QAhnDQjA7wk1kh/TqHz2I1uUA7M7t9SAl/JNXg= +github.com/moby/moby/api v1.54.2/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.4.1 
h1:DMQgisVoMkmMs7fp3ROSdiBnoAu8+vo3GggFl06M/wY= +github.com/moby/moby/client v0.4.1/go.mod h1:z52C9O2POPOsnxZAy//WtKcQ32P+jT/NGeXu/7nfjGQ= +github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= +github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -359,8 +367,6 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= 
@@ -373,14 +379,14 @@ github.com/olekukonko/ll v0.1.1 h1:9Dfeed5/Mgaxb9lHRAftLK9pVfYETvHn+If6lywVhJc= github.com/olekukonko/ll v0.1.1/go.mod h1:2dJo+hYZcJMLMbKwHEWvxCUbAOLc/CXWS9noET22Mdo= github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8= github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo= -github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= -github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= -github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= -github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= +github.com/onsi/ginkgo/v2 v2.28.3 h1:4JvMdwtFU0imd8fHx25OJXoDMRexnf8v5NHKYSTTji4= +github.com/onsi/ginkgo/v2 v2.28.3/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc= +github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= -github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= 
@@ -396,16 +402,16 @@ github.com/pkg/sftp v1.13.10/go.mod h1:bJ1a7uDhrX/4OII+agvy28lzRvQrmIQuaHrcI1Hbe github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= -github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= -github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= -github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f h1:QQB6SuvGZjK8kdc2YaLJpYhV8fxauOsjE6jgcL6YJ8Q= -github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f/go.mod h1:P8AwMgdD7XEr6QRUJ2QWLpiAZTgTE2UYgjlu3svompI= -github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= -github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4= +github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= +github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos= +github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM= 
+github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= +github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= 
@@ -416,28 +422,27 @@ github.com/rotisserie/eris v0.5.4/go.mod h1:Z/kgYTJiJtocxCbFfvRmO+QejApzG6zpyky9 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc= github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik= -github.com/samber/lo v1.51.0 h1:kysRYLbHy/MB7kQZf5DSN50JHmMsNEdeY24VzJFu7wI= -github.com/samber/lo v1.51.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= +github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw= +github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U= github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod 
h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= +github.com/std-uritemplate/std-uritemplate/go/v2 v2.0.3 h1:7hth9376EoQEd1hH4lAp3vnaLP2UMyxuMMghLKzDHyU= +github.com/std-uritemplate/std-uritemplate/go/v2 v2.0.3/go.mod h1:Z5KcoM0YLC7INlNhEezeIZ0TZNYf7WSNO0Lvah4DSeQ= github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -445,7 +450,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -463,48 +467,44 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= -github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= +github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4= +github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/etcd/api/v3 v3.6.6 h1:mcaMp3+7JawWv69p6QShYWS8cIWUOl32bFLb6qf8pOQ= -go.etcd.io/etcd/api/v3 v3.6.6/go.mod h1:f/om26iXl2wSkcTA1zGQv8reJRSLVdoEBsi4JdfMrx4= -go.etcd.io/etcd/client/pkg/v3 v3.6.6 h1:uoqgzSOv2H9KlIF5O1Lsd8sW+eMLuV6wzE3q5GJGQNs= -go.etcd.io/etcd/client/pkg/v3 v3.6.6/go.mod h1:YngfUVmvsvOJ2rRgStIyHsKtOt9SZI2aBJrZiWJhCbI= -go.etcd.io/etcd/client/v3 v3.6.6 h1:G5z1wMf5B9SNexoxOHUGBaULurOZPIgGPsW6CN492ec= -go.etcd.io/etcd/client/v3 v3.6.6/go.mod h1:36Qv6baQ07znPR3+n7t+Rk5VHEzVYPvFfGmfF4wBHV8= +go.etcd.io/etcd/api/v3 v3.6.10 h1:jlwjtELjA8yi2VWpOFH+0w0lGr3K6mVDyn0RDB9aaAY= +go.etcd.io/etcd/api/v3 v3.6.10/go.mod h1:pdV4VeFmvhdNjB4LWRkC8ReLyRBAxUOze3GarMhE2sk= +go.etcd.io/etcd/client/pkg/v3 v3.6.10 h1:tBT7podcPhuVbCVkAEzx8bC5I+aqxfLwBN8/As1arrA= 
+go.etcd.io/etcd/client/pkg/v3 v3.6.10/go.mod h1:WEy3PpwbbEBVRdh1NVJYsuUe/8eyI21PNJRazeD8z/Y= +go.etcd.io/etcd/client/v3 v3.6.10 h1:J598zJ+C/ZPvImypmq5waj84+bovePrlZERHklf34y0= +go.etcd.io/etcd/client/v3 v3.6.10/go.mod h1:iHhUDUcEwaKs1YFq3MgmI9U4zhTVasp/vgdVbFf1RS8= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0 h1:XmiuHzgJt067+a6kwyAzkhXooYVv3/TOw9cM2VfJgUM= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0/go.mod h1:KDgtbWKTQs4bM+VPUr6WlL9m/WXcmkCcBlIzqxPGzmI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0= -go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c= -go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/jaeger v1.16.0 h1:YhxxmXZ011C0aDZKoNw+juVWAmEfv/0W2XBOv9aHTaA= go.opentelemetry.io/otel/exporters/jaeger v1.16.0/go.mod h1:grYbBo/5afWlPpdPZYhyn78Bk04hnvxn2+hvxQhKIQM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0= 
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 h1:wVZXIWjQSeSmMoxF74LzAnpVQOAFDo3pPji9Y4SOFKc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0/go.mod h1:khvBS2IggMFNwZK/6lEeHg/W57h/IX6J4URh57fuI40= -go.opentelemetry.io/otel/exporters/prometheus v0.59.1 h1:HcpSkTkJbggT8bjYP+BjyqPWlD17BH9C5CYNKeDzmcA= -go.opentelemetry.io/otel/exporters/prometheus v0.59.1/go.mod h1:0FJL+gjuUoM07xzik3KPBaN+nz/CoB15kV6WLMiXZag= -go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ= -go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps= -go.opentelemetry.io/otel/sdk v1.41.0 h1:YPIEXKmiAwkGl3Gu1huk1aYWwtpRLeskpV+wPisxBp8= -go.opentelemetry.io/otel/sdk v1.41.0/go.mod h1:ahFdU0G5y8IxglBf0QBJXgSe7agzjE4GiTJ6HT9ud90= -go.opentelemetry.io/otel/sdk/metric v1.41.0 h1:siZQIYBAUd1rlIWQT2uCxWJxcCO7q3TriaMlf08rXw8= -go.opentelemetry.io/otel/sdk/metric v1.41.0/go.mod h1:HNBuSvT7ROaGtGI50ArdRLUnvRTRGniSUZbxiWxSO8Y= -go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0= -go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis= -go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= -go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= +go.opentelemetry.io/otel/exporters/prometheus v0.65.0 h1:jOveH/b4lU9HT7y+Gfamf18BqlOuz2PWEvs8yM7Q6XE= 
+go.opentelemetry.io/otel/exporters/prometheus v0.65.0/go.mod h1:i1P8pcumauPtUI4YNopea1dhzEMuEqWP1xoUZDylLHo= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= +go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= 
@@ -513,78 +513,45 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= -golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.33.0 
h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= -golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM= -golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= -golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= -golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod 
h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod 
h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= -google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY= -google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= +google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= 
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -601,36 +568,38 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/apiserver v0.34.3 h1:uGH1qpDvSiYG4HVFqc6A3L4CKiX+aBWDrrsxHYK0Bdo= -k8s.io/apiserver v0.34.3/go.mod h1:QPnnahMO5C2m3lm6fPW3+JmyQbvHZQ8uudAu/493P2w= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= +k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988= +k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU= +k8s.io/apiextensions-apiserver v0.35.4 h1:HeP+Upp7ItdvnyGmub0yoix+2z5+ev4M5cE5TCgtOUU= +k8s.io/apiextensions-apiserver v0.35.4/go.mod h1:ogQlk+stIE8mnoRthSYCwlOS12fVqgWFiErMwPaXA7c= +k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= +k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= +k8s.io/apiserver v0.35.4 h1:vtuFqNFmF9bPRdHDL2lpK6qCTPWDreZJL4LRPwVM6ho= +k8s.io/apiserver v0.35.4/go.mod h1:JnBcb+J8kFXKpZkgcbcUnPBBHi4qgBii1I7dLxFY/oo= k8s.io/cli-runtime v0.34.2 
h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= +k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= +k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/cloud-provider v0.34.0 h1:OgrNE+WSgfvDBQf6WS9qFM7Xr37bc0Og5kkL4hyWDmU= k8s.io/cloud-provider v0.34.0/go.mod h1:JbMa0t6JIGDMLI7Py6bdp9TN6cfuHrWGq+E/X+Ljkmo= -k8s.io/cluster-bootstrap v0.34.2 h1:oKckPeunVCns37BntcsxaOesDul32yzGd3DFLjW2fc8= -k8s.io/cluster-bootstrap v0.34.2/go.mod h1:f21byPR7X5nt12ivZi+J3pb4sG4SH6VySX8KAAJA8BY= -k8s.io/component-base v0.34.3 h1:zsEgw6ELqK0XncCQomgO9DpUIzlrYuZYA0Cgo+JWpVk= -k8s.io/component-base v0.34.3/go.mod h1:5iIlD8wPfWE/xSHTRfbjuvUul2WZbI2nOUK65XL0E/c= +k8s.io/cluster-bootstrap v0.35.4 h1:XAOSQ+4dvUPdksaVHp/C9rq0XlFmF3UHkx4KGgNgaU4= +k8s.io/cluster-bootstrap v0.35.4/go.mod h1:9tlzRvPEjXAhKV2cok7pJLnMjiRgKZdT9IR3iJzksek= +k8s.io/component-base v0.35.4 h1:6n1tNJ87johN0Hif0Fs8K2GMthsaUwMqCebUDLYyv7U= +k8s.io/component-base v0.35.4/go.mod h1:qaDJgz5c1KYKla9occFmlJEfPpkuA55s90G509R+PeY= k8s.io/component-helpers v0.34.2 h1:RIUGDdU+QFzeVKLZ9f05sXTNAtJrRJ3bnbMLrogCrvM= k8s.io/component-helpers v0.34.2/go.mod h1:pLi+GByuRTeFjjcezln8gHL7LcT6HImkwVQ3A2SQaEE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= -k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod 
h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/cloud-provider-azure v1.34.3 h1:dk+siFumvax/D5UCDeK9565wSA2w4wKXAm8vSt6Ifuw= 
@@ -639,12 +608,12 @@ sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 h1:7vEaYwdsvOz1OBAtEm6vyc4K sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2/go.mod h1:BgPOvGEdPTyaIWREF7pywm6teBhO3fNVQ+CTPYyr/5w= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 h1:Sy+dyfxemdQaz/UfJYWzALlbLdEaZ7IoKn93JXTqWYs= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4/go.mod h1:RgIi9n/PhULbvPjYZGsjP2zWJf1ZEd1qyA0CYUuSgcE= -sigs.k8s.io/cluster-api v1.12.4 h1:usvoZ+Nblfu//l31hm1B1WUdigb6OnGAJqwt8qWq/iA= -sigs.k8s.io/cluster-api v1.12.4/go.mod h1:ePDeVCVaW6SGxRgDeLt5+KK4TigEnF0LPV6ztEzRzlI= -sigs.k8s.io/cluster-api/test v1.12.4 h1:I1x28SO54mAv3hk/ZQFKr7PKyAviAfil2YpdD9g2OeQ= -sigs.k8s.io/cluster-api/test v1.12.4/go.mod h1:+3Xo0ZughngvRVKKYyq6oL7qgRp9Sdl/6qQ+lkoO6ME= -sigs.k8s.io/controller-runtime v0.22.5 h1:v3nfSUMowX/2WMp27J9slwGFyAt7IV0YwBxAkrUr0GE= -sigs.k8s.io/controller-runtime v0.22.5/go.mod h1:pc5SoYWnWI6I+cBHYYdZ7B6YHZVY5xNfll88JB+vniI= +sigs.k8s.io/cluster-api v1.13.1 h1:5qksGznSU1fJOXIxsI4EayTqG1Q9S0qJNp3HdsVm1KU= +sigs.k8s.io/cluster-api v1.13.1/go.mod h1:Hqq5yucu3OwPiAjNEh/O/zZX4dF63MD8Q6I0cwL/bUU= +sigs.k8s.io/cluster-api/test v1.13.1 h1:NimY83SFiO24J3GhF2Fw+iUcKzRPUY2Ev0wRPbogl2k= +sigs.k8s.io/cluster-api/test v1.13.1/go.mod h1:3FL7oJBT6ThT63TcbTigSNNXCXK/2CJ5b8ODbaVs3nk= +sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= +sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kind v0.31.0 h1:UcT4nzm+YM7YEbqiAKECk+b6dsvc/HRZZu9U0FolL1g= 
@@ -655,7 +624,7 @@ sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/hack/create-dev-cluster.sh b/hack/create-dev-cluster.sh index 7fe3d6a92eb..12643e46ff1 100755 --- a/hack/create-dev-cluster.sh +++ b/hack/create-dev-cluster.sh @@ -53,7 +53,7 @@ export CONTROL_PLANE_MACHINE_COUNT=${CONTROL_PLANE_MACHINE_COUNT:-3} export AZURE_CONTROL_PLANE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-Standard_B2s}" export AZURE_NODE_MACHINE_TYPE="${NODE_MACHINE_TYPE:-Standard_B2s}" export WORKER_MACHINE_COUNT=${WORKER_MACHINE_COUNT:-2} -export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.33.6}" +export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.35.4}" export CLUSTER_TEMPLATE="${CLUSTER_TEMPLATE:-cluster-template.yaml}" # identity secret settings. diff --git a/hack/ensure-go.sh b/hack/ensure-go.sh index 3fc7d3f7c41..817b8231422 100755 --- a/hack/ensure-go.sh +++ b/hack/ensure-go.sh 
@@ -31,7 +31,7 @@ EOF local go_version IFS=" " read -ra go_version <<< "$(go version)" local minimum_go_version - minimum_go_version=go1.24.13 + minimum_go_version=go1.25.9 if [[ "${minimum_go_version}" != $(echo -e "${minimum_go_version}\n${go_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "${go_version[2]}" != "devel" ]]; then cat < 0 { + if (amp.Spec.Template.SubnetName != "" || amp.Spec.Template.AcceleratedNetworking != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 { //nolint:staticcheck // Both the deprecated and the new fields are both set, return without changes // and reject the request in the validating webhook which runs later. return @@ -147,12 +148,12 @@ func (amp *AzureMachinePool) SetNetworkInterfacesDefaults() { if len(amp.Spec.Template.NetworkInterfaces) == 0 { amp.Spec.Template.NetworkInterfaces = []infrav1.NetworkInterface{ { - SubnetName: amp.Spec.Template.SubnetName, - AcceleratedNetworking: amp.Spec.Template.AcceleratedNetworking, + SubnetName: amp.Spec.Template.SubnetName, //nolint:staticcheck + AcceleratedNetworking: amp.Spec.Template.AcceleratedNetworking, //nolint:staticcheck }, } - amp.Spec.Template.SubnetName = "" - amp.Spec.Template.AcceleratedNetworking = nil + amp.Spec.Template.SubnetName = "" //nolint:staticcheck + amp.Spec.Template.AcceleratedNetworking = nil //nolint:staticcheck } // Ensure that PrivateIPConfigs defaults to 1 if not specified. @@ -164,7 +165,7 @@ func (amp *AzureMachinePool) SetNetworkInterfacesDefaults() { } // SetOSDiskDefaults sets the defaults for the OSDisk. -func (amp *AzureMachinePool) SetOSDiskDefaults() { +func SetOSDiskDefaults(amp *infrav1exp.AzureMachinePool) { if amp.Spec.Template.OSDisk.OSType == "" { amp.Spec.Template.OSDisk.OSType = "Linux" } 
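Review bot: The `//nolint:staticcheck` markers added on the `SubnetName` and `AcceleratedNetworking` lines of `SetNetworkInterfacesDefaults` give no reason, and a bare marker silences every staticcheck finding on that line, not only the deprecation warning it is presumably there for. I would state the reason on each one, e.g. `//nolint:staticcheck // SA1019: deprecated field is still migrated into NetworkInterfaces`, so a later reader can tell when the suppression can be dropped. The same bare marker recurs in the test file and in `validateNetwork` and `validateSystemAssignedIdentityRole` further down. The function starts outside this hunk.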
diff --git a/exp/api/v1beta1/azuremachinepool_default_test.go b/internal/exp/api/v1beta1/azuremachinepool_default_test.go similarity index 72% rename from exp/api/v1beta1/azuremachinepool_default_test.go rename to internal/exp/api/v1beta1/azuremachinepool_default_test.go index 1fcdd895eee..9ade88c2773 100644 --- a/exp/api/v1beta1/azuremachinepool_default_test.go +++ b/internal/exp/api/v1beta1/azuremachinepool_default_test.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/fake" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" apiinternal "sigs.k8s.io/cluster-api-provider-azure/internal/api/v1beta1" ) @@ -36,19 +37,17 @@ func TestAzureMachinePool_SetDefaultSSHPublicKey(t *testing.T) { g := NewWithT(t) type test struct { - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool } existingPublicKey := "testpublickey" publicKeyExistTest := test{amp: createMachinePoolWithSSHPublicKey(existingPublicKey)} publicKeyNotExistTest := test{amp: createMachinePoolWithSSHPublicKey("")} - err := publicKeyExistTest.amp.SetDefaultSSHPublicKey() - g.Expect(err).NotTo(HaveOccurred()) + g.Expect(SetDefaultSSHPublicKey(publicKeyExistTest.amp)).To(Succeed()) g.Expect(publicKeyExistTest.amp.Spec.Template.SSHPublicKey).To(Equal(existingPublicKey)) - err = publicKeyNotExistTest.amp.SetDefaultSSHPublicKey() - g.Expect(err).NotTo(HaveOccurred()) + g.Expect(SetDefaultSSHPublicKey(publicKeyNotExistTest.amp)).To(Succeed()) g.Expect(publicKeyNotExistTest.amp.Spec.Template.SSHPublicKey).NotTo(BeEmpty()) } 
@@ -61,14 +60,14 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { tests := []struct { name string - machinePool *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool wantErr bool expectedRoleAssignmentName string expectedSystemAssignedIdentityRole *infrav1.SystemAssignedIdentityRole }{ { name: "bothRoleAssignmentNamesPopulated", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, RoleAssignmentName: existingRoleAssignmentName, SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ @@ -82,7 +81,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { }, { name: "roleAssignmentExist", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: existingRoleAssignmentName, @@ -96,14 +95,14 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { }, { name: "notSystemAssigned", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentityUserAssigned, }}, expectedSystemAssignedIdentityRole: nil, }, { name: "systemAssignedIdentityRoleExist", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: existingRoleAssignmentName, 
@@ -119,7 +118,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { }, { name: "deprecatedRoleAssignmentName", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, RoleAssignmentName: existingRoleAssignmentName, }}, @@ -136,7 +135,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { g := NewWithT(t) scheme := runtime.NewScheme() - _ = AddToScheme(scheme) + _ = infrav1exp.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) @@ -176,12 +175,12 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { } fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(tc.machinePool, machinePool, azureCluster, cluster).Build() - err := tc.machinePool.SetIdentityDefaults(fakeClient) + err := SetIdentityDefaults(tc.machinePool, fakeClient) if tc.wantErr { g.Expect(err).To(HaveOccurred()) } else { g.Expect(err).NotTo(HaveOccurred()) - g.Expect(tc.machinePool.Spec.RoleAssignmentName).To(Equal(tc.expectedRoleAssignmentName)) + g.Expect(tc.machinePool.Spec.RoleAssignmentName).To(Equal(tc.expectedRoleAssignmentName)) //nolint:staticcheck g.Expect(tc.machinePool.Spec.SystemAssignedIdentityRole).To(Equal(tc.expectedSystemAssignedIdentityRole)) } }) 
@@ -192,16 +191,16 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { g := NewWithT(t) type test struct { - machinePool *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool } bootDiagnosticsDefault := &infrav1.BootDiagnostics{ StorageAccountType: infrav1.ManagedDiagnosticsStorage, } - managedStorageDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + managedStorageDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.ManagedDiagnosticsStorage, @@ -211,9 +210,9 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - disabledStorageDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + disabledStorageDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.DisabledDiagnosticsStorage, @@ -223,9 +222,9 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - userManagedDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + userManagedDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.UserManagedDiagnosticsStorage, 
@@ -238,36 +237,36 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - nilDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: nil, }, }, }} // Test that when no diagnostics are specified, the defaults are set correctly - nilBootDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilBootDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{}, }, }, }} - nilBootDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(nilBootDiagnostics.machinePool) g.Expect(nilBootDiagnostics.machinePool.Spec.Template.Diagnostics.Boot).To(Equal(bootDiagnosticsDefault)) - managedStorageDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(managedStorageDiagnostics.machinePool) g.Expect(managedStorageDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.ManagedDiagnosticsStorage)) - disabledStorageDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(disabledStorageDiagnostics.machinePool) g.Expect(disabledStorageDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.DisabledDiagnosticsStorage)) - userManagedDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(userManagedDiagnostics.machinePool) g.Expect(userManagedDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.UserManagedDiagnosticsStorage)) - nilDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(nilDiagnostics.machinePool) 
g.Expect(nilDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.ManagedDiagnosticsStorage)) } @@ -275,28 +274,28 @@ func TestAzureMachinePool_SetSpotEvictionPolicyDefaults(t *testing.T) { g := NewWithT(t) type test struct { - machinePool *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool } // test to Ensure the default policy is set to Deallocate if EvictionPolicy is nil defaultEvictionPolicy := infrav1.SpotEvictionPolicyDeallocate - nilDiffDiskSettingsPolicy := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilDiffDiskSettingsPolicy := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SpotVMOptions: &infrav1.SpotVMOptions{ EvictionPolicy: nil, }, }, }, }} - nilDiffDiskSettingsPolicy.machinePool.SetSpotEvictionPolicyDefaults() + SetSpotEvictionPolicyDefaults(nilDiffDiskSettingsPolicy.machinePool) g.Expect(nilDiffDiskSettingsPolicy.machinePool.Spec.Template.SpotVMOptions.EvictionPolicy).To(Equal(&defaultEvictionPolicy)) // test to Ensure the default policy is set to Delete if diffDiskSettings option is set to "Local" expectedEvictionPolicy := infrav1.SpotEvictionPolicyDelete - diffDiskSettingsPolicy := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + diffDiskSettingsPolicy := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SpotVMOptions: &infrav1.SpotVMOptions{}, OSDisk: infrav1.OSDisk{ DiffDiskSettings: &infrav1.DiffDiskSettings{ 
@@ -306,28 +305,28 @@ func TestAzureMachinePool_SetSpotEvictionPolicyDefaults(t *testing.T) { }, }, }} - diffDiskSettingsPolicy.machinePool.SetSpotEvictionPolicyDefaults() + SetSpotEvictionPolicyDefaults(diffDiskSettingsPolicy.machinePool) g.Expect(diffDiskSettingsPolicy.machinePool.Spec.Template.SpotVMOptions.EvictionPolicy).To(Equal(&expectedEvictionPolicy)) } func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { testCases := []struct { name string - machinePool *AzureMachinePool - want *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool + want *infrav1exp.AzureMachinePool }{ { name: "defaulting webhook updates MachinePool with deprecated subnetName field", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "", NetworkInterfaces: []infrav1.NetworkInterface{ { 
@@ -341,17 +340,17 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, { name: "defaulting webhook updates MachinePool with deprecated acceleratedNetworking field", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", AcceleratedNetworking: ptr.To(true), }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "", AcceleratedNetworking: nil, NetworkInterfaces: []infrav1.NetworkInterface{ @@ -367,9 +366,9 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, { name: "defaulting webhook does nothing if both new and deprecated subnetName fields are set", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", NetworkInterfaces: []infrav1.NetworkInterface{{ SubnetName: "test-subnet", @@ -377,9 +376,9 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", AcceleratedNetworking: nil, NetworkInterfaces: []infrav1.NetworkInterface{ 
@@ -396,20 +395,16 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - tc.machinePool.SetNetworkInterfacesDefaults() + SetNetworkInterfacesDefaults(tc.machinePool) g.Expect(tc.machinePool).To(Equal(tc.want)) }) } } -func createMachinePoolWithSSHPublicKey(sshPublicKey string) *AzureMachinePool { - return hardcodedAzureMachinePoolWithSSHKey(sshPublicKey) -} - -func hardcodedAzureMachinePoolWithSSHKey(sshPublicKey string) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithSSHPublicKey(sshPublicKey string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SSHPublicKey: sshPublicKey, OSDisk: infrav1.OSDisk{ CachingType: "None", diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/internal/exp/webhooks/azuremachinepool_webhook.go similarity index 71% rename from exp/api/v1beta1/azuremachinepool_webhook.go rename to internal/exp/webhooks/azuremachinepool_webhook.go index abd3d335dce..edb076dcb94 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook.go +++ b/internal/exp/webhooks/azuremachinepool_webhook.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" 
@@ -24,7 +24,6 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" "github.com/blang/semver" "github.com/pkg/errors" - apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/intstr" 
@@ -34,76 +33,63 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" + apiinternalexp "sigs.k8s.io/cluster-api-provider-azure/internal/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/internal/webhooks" azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure" ) -// SetupAzureMachinePoolWebhookWithManager sets up and registers the webhook with the manager. -func SetupAzureMachinePoolWebhookWithManager(mgr ctrl.Manager) error { - ampw := &azureMachinePoolWebhook{Client: mgr.GetClient()} - return ctrl.NewWebhookManagedBy(mgr). - For(&AzureMachinePool{}). - WithDefaulter(ampw). - WithValidator(ampw). +// SetupWebhookWithManager sets up and registers the webhook with the manager. +func (mw *AzureMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { + mw.Client = mgr.GetClient() + return ctrl.NewWebhookManagedBy(mgr, &infrav1exp.AzureMachinePool{}). + WithDefaulter(mw). + WithValidator(mw). Complete() } // +kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=true,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,verbs=create;update,versions=v1beta1,name=default.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 +// +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,versions=v1beta1,name=validation.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -// azureMachinePoolWebhook implements a validating and defaulting webhook for AzureMachinePool. 
-type azureMachinePoolWebhook struct { +// AzureMachinePoolWebhook implements a validating and defaulting webhook for AzureMachinePool. +type AzureMachinePoolWebhook struct { Client client.Client } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) Default(_ context.Context, obj runtime.Object) error { - amp, ok := obj.(*AzureMachinePool) - if !ok { - return apierrors.NewBadRequest("expected an AzureMachinePool") - } - return amp.SetDefaults(ampw.Client) +func (mw *AzureMachinePoolWebhook) Default(_ context.Context, amp *infrav1exp.AzureMachinePool) error { + return apiinternalexp.SetDefaults(amp, mw.Client) } -// +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,versions=v1beta1,name=validation.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 - // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - amp, ok := obj.(*AzureMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachinePool") - } - - return nil, amp.Validate(nil, ampw.Client) +func (mw *AzureMachinePoolWebhook) ValidateCreate(_ context.Context, amp *infrav1exp.AzureMachinePool) (admission.Warnings, error) { + return nil, ValidateAzureMachinePool(nil, amp, mw.Client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. 
-func (ampw *azureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - amp, ok := newObj.(*AzureMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachinePool") - } - return nil, amp.Validate(oldObj, ampw.Client) +func (mw *AzureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, amp *infrav1exp.AzureMachinePool) (admission.Warnings, error) { + return nil, ValidateAzureMachinePool(oldObj, amp, mw.Client) } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mw *AzureMachinePoolWebhook) ValidateDelete(_ context.Context, _ *infrav1exp.AzureMachinePool) (admission.Warnings, error) { return nil, nil } -// Validate the Azure Machine Pool and return an aggregate error. -func (amp *AzureMachinePool) Validate(old runtime.Object, client client.Client) error { +// ValidateAzureMachinePool runs the Azure Machine Pool validators and returns an aggregate error. 
+func ValidateAzureMachinePool(old runtime.Object, amp *infrav1exp.AzureMachinePool, c client.Client) error { validators := []func() error{ - amp.ValidateImage, - amp.ValidateTerminateNotificationTimeout, - amp.ValidateSSHKey, - amp.ValidateUserAssignedIdentity, - amp.ValidateDiagnostics, - amp.ValidateOrchestrationMode(client), - amp.ValidateStrategy(), - amp.ValidateSystemAssignedIdentity(old), - amp.ValidateSystemAssignedIdentityRole, - amp.ValidateNetwork, - amp.ValidateOSDisk, + func() error { return validateImage(amp) }, + func() error { return validateTerminateNotificationTimeout(amp) }, + func() error { return validateSSHKey(amp) }, + func() error { return validateUserAssignedIdentity(amp) }, + func() error { return validateDiagnostics(amp) }, + validateOrchestrationMode(amp, c), + validateStrategy(amp), + validateSystemAssignedIdentity(amp, old), + func() error { return validateSystemAssignedIdentityRole(amp) }, + func() error { return validateNetwork(amp) }, + func() error { return validateOSDisk(amp) }, } var errs []error 
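Review bot: `ValidateAzureMachinePool` still takes `old runtime.Object` although `ValidateUpdate` now hands it a typed `*infrav1exp.AzureMachinePool`. A nil pointer of that type stored in the interface compares unequal to nil, so the `if old != nil` guard in `validateSystemAssignedIdentity` (a later hunk) would pass and the type assertion would succeed with a nil pointer; whether that pointer is then dereferenced lies outside the visible lines. Because the function is exported and can be called outside the webhook path, I would declare the parameter as `old *infrav1exp.AzureMachinePool` here and in `validateSystemAssignedIdentity`, which also removes the assertion and its error branch. The body of `ValidateAzureMachinePool` continues past this hunk.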
@@ -116,36 +102,31 @@ func (amp *AzureMachinePool) Validate(old runtime.Object, client client.Client) return kerrors.NewAggregate(errs) } -// ValidateNetwork of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateNetwork() error { - if (amp.Spec.Template.NetworkInterfaces != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 && amp.Spec.Template.SubnetName != "" { +func validateNetwork(amp *infrav1exp.AzureMachinePool) error { + if (amp.Spec.Template.NetworkInterfaces != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 && amp.Spec.Template.SubnetName != "" { //nolint:staticcheck return errors.New("cannot set both NetworkInterfaces and machine SubnetName") } return nil } -// ValidateOSDisk of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateOSDisk() error { +func validateOSDisk(amp *infrav1exp.AzureMachinePool) error { if errs := webhooks.ValidateOSDisk(amp.Spec.Template.OSDisk, field.NewPath("osDisk")); len(errs) > 0 { return errs.ToAggregate() } return nil } -// ValidateImage of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateImage() error { +func validateImage(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.Image != nil { image := amp.Spec.Template.Image if errs := webhooks.ValidateImage(image, field.NewPath("image")); len(errs) > 0 { return errs.ToAggregate() } } - return nil } -// ValidateTerminateNotificationTimeout termination notification timeout to be between 5 and 15. -func (amp *AzureMachinePool) ValidateTerminateNotificationTimeout() error { +func validateTerminateNotificationTimeout(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.TerminateNotificationTimeout == nil { return nil } 
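Review bot: `validateNetwork` rejects `NetworkInterfaces` combined with the deprecated `SubnetName`, but not combined with the deprecated `AcceleratedNetworking`. The defaulter earlier in this diff returns without changes when either deprecated field is set alongside `NetworkInterfaces`, and its comment relies on the validating webhook to reject the request, so an object that sets only `AcceleratedNetworking` and `NetworkInterfaces` appears to be admitted unchanged. If rejection is the intent, the condition could read `if len(amp.Spec.Template.NetworkInterfaces) > 0 && (amp.Spec.Template.SubnetName != "" || amp.Spec.Template.AcceleratedNetworking != nil) { //nolint:staticcheck`, with the error text naming both deprecated fields and a test case covering the new branch.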
@@ -160,21 +141,18 @@ func (amp *AzureMachinePool) ValidateTerminateNotificationTimeout() error { return nil } -// ValidateSSHKey validates an SSHKey. -func (amp *AzureMachinePool) ValidateSSHKey() error { +func validateSSHKey(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.SSHPublicKey != "" { sshKey := amp.Spec.Template.SSHPublicKey if errs := webhooks.ValidateSSHKey(sshKey, field.NewPath("sshKey")); len(errs) > 0 { - agg := kerrors.NewAggregate(errs.ToAggregate().Errors()) - return agg + return kerrors.NewAggregate(errs.ToAggregate().Errors()) } } return nil } -// ValidateUserAssignedIdentity validates the user-assigned identities list. -func (amp *AzureMachinePool) ValidateUserAssignedIdentity() error { +func validateUserAssignedIdentity(amp *infrav1exp.AzureMachinePool) error { fldPath := field.NewPath("userAssignedIdentities") if errs := webhooks.ValidateUserAssignedIdentity(amp.Spec.Identity, amp.Spec.UserAssignedIdentities, fldPath); len(errs) > 0 { return kerrors.NewAggregate(errs.ToAggregate().Errors()) @@ -183,10 +161,9 @@ func (amp *AzureMachinePool) ValidateUserAssignedIdentity() error { return nil } -// ValidateStrategy validates the strategy. -func (amp *AzureMachinePool) ValidateStrategy() func() error { +func validateStrategy(amp *infrav1exp.AzureMachinePool) func() error { return func() error { - if amp.Spec.Strategy.Type == RollingUpdateAzureMachinePoolDeploymentStrategyType && amp.Spec.Strategy.RollingUpdate != nil { + if amp.Spec.Strategy.Type == infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType && amp.Spec.Strategy.RollingUpdate != nil { rollingUpdateStrategy := amp.Spec.Strategy.RollingUpdate maxSurge := rollingUpdateStrategy.MaxSurge maxUnavailable := rollingUpdateStrategy.MaxUnavailable 
@@ -200,12 +177,11 @@ func (amp *AzureMachinePool) ValidateStrategy() func() error { } } -// ValidateSystemAssignedIdentity validates system-assigned identity role. -func (amp *AzureMachinePool) ValidateSystemAssignedIdentity(old runtime.Object) func() error { +func validateSystemAssignedIdentity(amp *infrav1exp.AzureMachinePool, old runtime.Object) func() error { return func() error { var oldRole string if old != nil { - oldMachinePool, ok := old.(*AzureMachinePool) + oldMachinePool, ok := old.(*infrav1exp.AzureMachinePool) if !ok { return fmt.Errorf("unexpected type for old azure machine pool object. Expected: %q, Got: %q", "AzureMachinePool", reflect.TypeOf(old)) @@ -229,10 +205,9 @@ func (amp *AzureMachinePool) ValidateSystemAssignedIdentity(old runtime.Object) } } -// ValidateSystemAssignedIdentityRole validates the scope and roleDefinitionID for the system-assigned identity. -func (amp *AzureMachinePool) ValidateSystemAssignedIdentityRole() error { +func validateSystemAssignedIdentityRole(amp *infrav1exp.AzureMachinePool) error { var allErrs field.ErrorList - if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" { + if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" { //nolint:staticcheck allErrs = append(allErrs, field.Invalid(field.NewPath("systemAssignedIdentityRole"), amp.Spec.SystemAssignedIdentityRole.Name, "cannot set both roleAssignmentName and systemAssignedIdentityRole.name")) } if amp.Spec.Identity == infrav1.VMIdentitySystemAssigned { @@ -254,8 +229,7 @@ func (amp *AzureMachinePool) ValidateSystemAssignedIdentityRole() error { return nil } -// ValidateDiagnostics validates the Diagnostic spec. -func (amp *AzureMachinePool) ValidateDiagnostics() error { +func validateDiagnostics(amp *infrav1exp.AzureMachinePool) error { var allErrs field.ErrorList fieldPath := field.NewPath("diagnostics") 
@@ -295,8 +269,7 @@ func (amp *AzureMachinePool) ValidateDiagnostics() error { return nil } -// ValidateOrchestrationMode validates requirements for the VMSS orchestration mode. -func (amp *AzureMachinePool) ValidateOrchestrationMode(c client.Client) func() error { +func validateOrchestrationMode(amp *infrav1exp.AzureMachinePool, c client.Client) func() error { return func() error { // Only Flexible orchestration mode requires validation. if amp.Spec.OrchestrationMode == infrav1.OrchestrationModeType(armcompute.OrchestrationModeFlexible) { diff --git a/exp/api/v1beta1/azuremachinepool_webhook_test.go b/internal/exp/webhooks/azuremachinepool_webhook_test.go similarity index 78% rename from exp/api/v1beta1/azuremachinepool_webhook_test.go rename to internal/exp/webhooks/azuremachinepool_webhook_test.go index 69b5c0c0759..4fa3c88e5c4 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook_test.go +++ b/internal/exp/webhooks/azuremachinepool_webhook_test.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" @@ -35,6 +35,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/feature" apiinternal "sigs.k8s.io/cluster-api-provider-azure/internal/api/v1beta1" apifixtures "sigs.k8s.io/cluster-api-provider-azure/internal/test/apifixtures" 
@@ -52,12 +53,12 @@ type mockClient struct { ReturnError bool } -func (m mockClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { +func (m mockClient) Get(_ context.Context, _ client.ObjectKey, obj client.Object, _ ...client.GetOption) error { obj.(*clusterv1.MachinePool).Spec.Template.Spec.Version = m.Version return nil } -func (m mockClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { +func (m mockClient) List(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { if m.ReturnError { return errors.New("MachinePool.cluster.x-k8s.io \"mock-machinepool-mp-0\" not found") } @@ -71,7 +72,7 @@ func (m mockClient) List(ctx context.Context, list client.ObjectList, opts ...cl func TestAzureMachinePool_ValidateCreate(t *testing.T) { tests := []struct { name string - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool version string ownerNotFound bool wantErr bool @@ -176,9 +177,9 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { }, { name: "azuremachinepool with invalid MaxSurge and MaxUnavailable rolling upgrade configuration", - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &zero, }, 
@@ -187,9 +188,9 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { }, { name: "azuremachinepool with valid MaxSurge and MaxUnavailable rolling upgrade configuration", - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, @@ -248,11 +249,11 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { } for _, tc := range tests { - client := mockClient{Version: tc.version, ReturnError: tc.ownerNotFound} + c := mockClient{Version: tc.version, ReturnError: tc.ownerNotFound} t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - ampw := &azureMachinePoolWebhook{ - Client: client, + ampw := &AzureMachinePoolWebhook{ + Client: c, } _, err := ampw.ValidateCreate(t.Context(), tc.amp) if tc.wantErr { @@ -273,7 +274,7 @@ type mockDefaultClient struct { ReturnError bool } -func (m mockDefaultClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { +func (m mockDefaultClient) Get(_ context.Context, _ client.ObjectKey, obj client.Object, _ ...client.GetOption) error { switch obj := obj.(type) { case *infrav1.AzureCluster: obj.Spec.SubscriptionID = m.SubscriptionID @@ -288,7 +289,7 @@ func (m mockDefaultClient) Get(ctx context.Context, key client.ObjectKey, obj cl return nil } -func (m mockDefaultClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { +func (m mockDefaultClient) List(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { list.(*clusterv1.MachinePoolList).Items = []clusterv1.MachinePool{ { Spec: clusterv1.MachinePoolSpec{ 
@@ -315,8 +316,8 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { tests := []struct { name string - oldAMP *AzureMachinePool - amp *AzureMachinePool + oldAMP *infrav1exp.AzureMachinePool + amp *infrav1exp.AzureMachinePool wantErr bool }{ { @@ -345,10 +346,10 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { }, { name: "azuremachinepool with invalid MaxSurge and MaxUnavailable rolling upgrade configuration", - oldAMP: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{}), - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + oldAMP: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{}), + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &zero, }, @@ -357,10 +358,10 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { }, { name: "azuremachinepool with valid MaxSurge and MaxUnavailable rolling upgrade configuration", - oldAMP: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{}), - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + oldAMP: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{}), + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, 
@@ -389,7 +390,7 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - ampw := &azureMachinePoolWebhook{} + ampw := &AzureMachinePoolWebhook{} _, err := ampw.ValidateUpdate(t.Context(), tc.oldAMP, tc.amp) if tc.wantErr { g.Expect(err).To(HaveOccurred()) @@ -404,7 +405,7 @@ func TestAzureMachinePool_Default(t *testing.T) { g := NewWithT(t) type test struct { - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool } existingPublicKey := validSSHPublicKey @@ -416,10 +417,10 @@ func TestAzureMachinePool_Default(t *testing.T) { fakeSubscriptionID := guuid.New().String() fakeClusterName := "testcluster" fakeMachinePoolName := "testmachinepool" - mockClient := mockDefaultClient{Name: fakeMachinePoolName, ClusterName: fakeClusterName, SubscriptionID: fakeSubscriptionID} + c := mockDefaultClient{Name: fakeMachinePoolName, ClusterName: fakeClusterName, SubscriptionID: fakeSubscriptionID} - roleAssignmentExistTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + roleAssignmentExistTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: existingRoleAssignmentName, @@ -432,8 +433,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - emptyTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + emptyTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{}, }, 
@@ -442,8 +443,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - systemAssignedIdentityRoleExistTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + systemAssignedIdentityRoleExistTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ DefinitionID: "testroledefinitionid", @@ -455,8 +456,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - ampw := &azureMachinePoolWebhook{ - Client: mockClient, + ampw := &AzureMachinePoolWebhook{ + Client: c, } err := ampw.Default(t.Context(), roleAssignmentExistTest.amp) @@ -479,14 +480,13 @@ func TestAzureMachinePool_Default(t *testing.T) { err = ampw.Default(t.Context(), emptyTest.amp) g.Expect(err).NotTo(HaveOccurred()) g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name).To(Not(BeEmpty())) - _, err = guuid.Parse(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name) - g.Expect(err).To(Not(HaveOccurred())) + g.Expect(guuid.Validate(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name)).To(Succeed()) g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole).To(Not(BeNil())) g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.Scope).To(Equal(fmt.Sprintf("/subscriptions/%s/", fakeSubscriptionID))) g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.DefinitionID).To(Equal(fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/%s", fakeSubscriptionID, apiinternal.ContributorRoleID))) } -func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ Marketplace: &infrav1.AzureMarketplaceImage{ ImagePlan: infrav1.ImagePlan{ 
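Review bot: In `TestAzureMachinePool_Default`, the `Not(BeNil())` expectation on `emptyTest.amp.Spec.SystemAssignedIdentityRole` comes after two lines that already dereference `.Name`, one of them the new `guuid.Validate(...)` line. A nil role would therefore panic before the assertion could report it. Moving `g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole).To(Not(BeNil()))` directly below the `NotTo(HaveOccurred())` check turns that into a readable test failure. The test function starts outside this hunk.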
@@ -498,9 +498,9 @@ func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, @@ -513,7 +513,7 @@ func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string } } -func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, gallery, version string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, gallery, version string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ SharedGallery: &infrav1.AzureSharedGalleryImage{ SubscriptionID: subscriptionID, @@ -524,9 +524,9 @@ func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, galle }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, 
@@ -539,10 +539,10 @@ func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, galle } } -func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1.NetworkInterface) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1.NetworkInterface) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: subnetName, NetworkInterfaces: interfaces, OSDisk: infrav1.OSDisk{ @@ -554,14 +554,14 @@ func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1. } } -func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ ID: &imageID, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, 
@@ -574,16 +574,33 @@ func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout } } -func createMachinePoolWithSystemAssignedIdentity(role string) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithSSHPublicKey(sshPublicKey string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ + SSHPublicKey: sshPublicKey, + OSDisk: infrav1.OSDisk{ + CachingType: "None", + OSType: "Linux", + }, + }, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "testmachinepool", + }, + } +} + +func createMachinePoolWithSystemAssignedIdentity(role string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: role, Scope: "scope", DefinitionID: "definitionID", }, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", @@ -593,7 +610,7 @@ func createMachinePoolWithSystemAssignedIdentity(role string) *AzureMachinePool } } -func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsStorageAccountType, userManaged *infrav1.UserManagedBootDiagnostics) *AzureMachinePool { +func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsStorageAccountType, userManaged *infrav1.UserManagedBootDiagnostics) *infrav1exp.AzureMachinePool { var diagnostics *infrav1.Diagnostics if diagnosticsType != "" { 
@@ -608,9 +625,9 @@ func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsSto diagnostics.Boot.UserManaged = userManaged } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: diagnostics, OSDisk: infrav1.OSDisk{ CachingType: "None", @@ -621,7 +638,7 @@ func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsSto } } -func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachinePool { +func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *infrav1exp.AzureMachinePool { userAssignedIdentities := make([]infrav1.UserAssignedIdentity, len(providerIDs)) for _, providerID := range providerIDs { @@ -630,11 +647,11 @@ func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachi }) } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentityUserAssigned, UserAssignedIdentities: userAssignedIdentities, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", 
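Review bot: `createMachinePoolWithUserAssignedIdentity` allocates `make([]infrav1.UserAssignedIdentity, len(providerIDs))` and then ranges over `providerIDs`. The loop body falls between this hunk and the next, but the closing `})` suggests it appends, which would leave `len(providerIDs)` zero-valued identities in front of the real ones. If so, the identity validation cases run against entries with an empty `ProviderID` as well as the IDs each case names, and can pass or fail for the wrong reason. `userAssignedIdentities := make([]infrav1.UserAssignedIdentity, 0, len(providerIDs))` keeps the preallocation without the padding. The line predates this commit, but the helper is being edited here.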
@@ -644,11 +661,11 @@ func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachi } } -func createMachinePoolWithStrategy(strategy AzureMachinePoolDeploymentStrategy) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithStrategy(strategy infrav1exp.AzureMachinePoolDeploymentStrategy) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Strategy: strategy, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", @@ -658,11 +675,11 @@ func createMachinePoolWithStrategy(strategy AzureMachinePoolDeploymentStrategy) } } -func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ OrchestrationMode: infrav1.OrchestrationModeType(mode), - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", @@ -672,10 +689,10 @@ func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) * } } -func createMachinePoolWithDiffDiskSettings(settings infrav1.DiffDiskSettings) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithDiffDiskSettings(settings infrav1.DiffDiskSettings) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ DiffDiskSettings: &settings, }, 
@@ -689,7 +706,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { tests := []struct { name string - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool featureGateEnabled *bool expectError bool }{ @@ -705,7 +722,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { if tc.featureGateEnabled != nil { utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, *tc.featureGateEnabled) } - ampw := &azureMachinePoolWebhook{} + ampw := &AzureMachinePoolWebhook{} _, err := ampw.ValidateCreate(t.Context(), tc.amp) if tc.expectError { g.Expect(err).To(HaveOccurred()) @@ -716,7 +733,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { } } -func getKnownValidAzureMachinePool() *AzureMachinePool { +func getKnownValidAzureMachinePool() *infrav1exp.AzureMachinePool { image := infrav1.Image{ Marketplace: &infrav1.AzureMarketplaceImage{ ImagePlan: infrav1.ImagePlan{ @@ -727,9 +744,9 @@ func getKnownValidAzureMachinePool() *AzureMachinePool { Version: "1.0.0", }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: ptr.To(10), @@ -744,9 +761,9 @@ func getKnownValidAzureMachinePool() *AzureMachinePool { Scope: "scope", DefinitionID: "definitionID", }, - Strategy: AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + Strategy: infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, 
diff --git a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go b/internal/exp/webhooks/azuremachinepoolmachine_webhook.go similarity index 59% rename from exp/api/v1beta1/azuremachinepoolmachine_webhook.go rename to internal/exp/webhooks/azuremachinepoolmachine_webhook.go index a294c788005..6d6ece39517 100644 --- a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go +++ b/internal/exp/webhooks/azuremachinepoolmachine_webhook.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -14,51 +14,39 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" - "fmt" "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. -func (ampm *AzureMachinePoolMachine) SetupWebhookWithManager(mgr ctrl.Manager) error { - w := new(azureMachinePoolMachineWebhook) - return ctrl.NewWebhookManagedBy(mgr). - For(ampm). +func (w *AzureMachinePoolMachineWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr, &infrav1exp.AzureMachinePoolMachine{}). WithValidator(w). Complete() } // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepoolmachines,versions=v1beta1,name=azuremachinepoolmachine.kb.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -type azureMachinePoolMachineWebhook struct{} +// AzureMachinePoolMachineWebhook implements a validating webhook for AzureMachinePoolMachine. +type AzureMachinePoolMachineWebhook struct{} -var _ webhook.CustomValidator = &azureMachinePoolMachineWebhook{} +var _ admission.Validator[*infrav1exp.AzureMachinePoolMachine] = &AzureMachinePoolMachineWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*azureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - ampm, ok := newObj.(*AzureMachinePoolMachine) - if !ok { - return nil, fmt.Errorf("expected an AzureMachinePoolMachine object but got %T", ampm) - } - - oldMachine, ok := oldObj.(*AzureMachinePoolMachine) - if !ok { - return nil, errors.New("expected and AzureMachinePoolMachine") - } - +func (*AzureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldMachine, ampm *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { if oldMachine.Spec.ProviderID != "" && ampm.Spec.ProviderID != oldMachine.Spec.ProviderID { return nil, errors.New("providerID is immutable") } @@ -67,6 +55,6 @@ func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldObj, } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureasomanagedcluster_webhook.go b/internal/webhooks/azureasomanagedcluster_webhook.go index 3c942e0f1fe..10ec4c128be 100644 --- a/internal/webhooks/azureasomanagedcluster_webhook.go +++ b/internal/webhooks/azureasomanagedcluster_webhook.go 
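Review bot: The doc comments on `ValidateCreate`, `ValidateUpdate` and `ValidateDelete` in `azuremachinepoolmachine_webhook.go` still say "implements webhook.CustomValidator", while the file now asserts `admission.Validator[*infrav1exp.AzureMachinePoolMachine]` and no longer imports the `webhook` package. The same stale wording remains in `azurecluster_webhook.go` (`webhook.CustomValidator` / `webhook.CustomDefaulter`) and in the three `azureasomanaged*_webhook.go` files (`webhook.Validator`). For the one method that enforces a rule I would also state it: `// ValidateUpdate implements admission.Validator and rejects any change to spec.providerID once it has been set.` With the type-assertion guards gone, `oldMachine` and `ampm` are dereferenced directly. That presumably relies on the typed builder always passing decoded, non-nil objects, which is worth confirming against the controller-runtime version this commit targets.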
@@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedCluster{}). WithValidator(ampw). Complete() } @@ -45,11 +42,7 @@ type AzureASOManagedClusterWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedcluster,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedclusters,versions=v1beta1,name=validation.azureasomanagedcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedCluster) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedCluster") - } +func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), 
@@ -60,11 +53,11 @@ func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureasomanagedcontrolplane_webhook.go b/internal/webhooks/azureasomanagedcontrolplane_webhook.go index 53fa5bf5aaa..49a35ae551b 100644 --- a/internal/webhooks/azureasomanagedcontrolplane_webhook.go +++ b/internal/webhooks/azureasomanagedcontrolplane_webhook.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedControlPlaneWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedControlPlane{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedControlPlane{}). WithValidator(ampw). Complete() } 
@@ -45,11 +42,7 @@ type AzureASOManagedControlPlaneWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedcontrolplane,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedcontrolplanes,versions=v1beta1,name=validation.azureasomanagedcontrolplane.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedControlPlane") - } +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), @@ -60,11 +53,11 @@ func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { return nil, nil } 
diff --git a/internal/webhooks/azureasomanagedmachinepool_webhook.go b/internal/webhooks/azureasomanagedmachinepool_webhook.go index b94329f0fdd..6a529efd034 100644 --- a/internal/webhooks/azureasomanagedmachinepool_webhook.go +++ b/internal/webhooks/azureasomanagedmachinepool_webhook.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedMachinePool{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedMachinePool{}). WithValidator(ampw). Complete() } 
@@ -45,11 +42,7 @@ type AzureASOManagedMachinePoolWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedmachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedmachinepools,versions=v1beta1,name=validation.azureasomanagedmachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedMachinePool") - } +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), @@ -60,11 +53,11 @@ func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { return nil, nil } 
diff --git a/internal/webhooks/azurecluster_webhook.go b/internal/webhooks/azurecluster_webhook.go index 14eaf359c75..16c47c6cfc6 100644 --- a/internal/webhooks/azurecluster_webhook.go +++ b/internal/webhooks/azurecluster_webhook.go @@ -18,14 +18,11 @@ package webhooks import ( "context" - "fmt" "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -35,8 +32,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureCluster{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -48,39 +44,23 @@ func (w *AzureClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { // AzureClusterWebhook implements validating and mutating webhook for AzureCluster. type AzureClusterWebhook struct{} -var _ webhook.CustomValidator = &AzureClusterWebhook{} -var _ webhook.CustomDefaulter = &AzureClusterWebhook{} +var _ admission.Validator[*infrav1.AzureCluster] = &AzureClusterWebhook{} +var _ admission.Defaulter[*infrav1.AzureCluster] = &AzureClusterWebhook{} // Default implements webhook.CustomDefaulter so a webhook will be registered for the type. -func (*AzureClusterWebhook) Default(_ context.Context, obj runtime.Object) error { - c, ok := obj.(*infrav1.AzureCluster) - if !ok { - return fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) Default(_ context.Context, c *infrav1.AzureCluster) error { apiinternal.SetDefaultsAzureCluster(c) return nil } // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureCluster) - if !ok { - return nil, fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureCluster) (admission.Warnings, error) { return validateAzureCluster(c, nil) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureCluster) - if !ok { - return nil, fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureCluster) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureCluster) if err := webhookutils.ValidateImmutable( field.NewPath("spec", "resourceGroup"), @@ -180,6 +160,6 @@ func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj run } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureclusteridentity_webhook.go b/internal/webhooks/azureclusteridentity_webhook.go index aa496d50a1c..45703622cbb 100644 --- a/internal/webhooks/azureclusteridentity_webhook.go +++ b/internal/webhooks/azureclusteridentity_webhook.go @@ -18,13 +18,10 @@ package webhooks import ( "context" - "fmt" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" 
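Review bot: The doc comments on Default, ValidateCreate, ValidateUpdate and ValidateDelete still say they implement `webhook.CustomDefaulter` / `webhook.CustomValidator`, while the assertions added in this hunk are against `admission.Defaulter[*infrav1.AzureCluster]` and `admission.Validator[*infrav1.AzureCluster]`. I would update them, e.g. `// ValidateCreate implements admission.Validator[*infrav1.AzureCluster] so a webhook will be registered for the type.` The same stale wording is kept in the azureclusteridentity, azureclustertemplate, azuremachinetemplate, azuremanagedcluster and azuremanagedclustertemplate hunks. ValidateUpdate's body continues outside this hunk.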
@@ -33,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureClusterIdentityWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureClusterIdentity{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureClusterIdentity{}). WithValidator(w). Complete() } @@ -44,27 +40,16 @@ func (w *AzureClusterIdentityWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureClusterIdentityWebhook implements a validating webhook for AzureClusterIdentity. type AzureClusterIdentityWebhook struct{} -var _ webhook.CustomValidator = &AzureClusterIdentityWebhook{} +var _ admission.Validator[*infrav1.AzureClusterIdentity] = &AzureClusterIdentityWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureClusterIdentity) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterIdentity object but got %T", c) - } - +func (*AzureClusterIdentityWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureClusterIdentity) (admission.Warnings, error) { return validateAzureClusterIdentity(c) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureClusterIdentity) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterIdentity object but got %T", c) - } - +func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureClusterIdentity) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureClusterIdentity) if err := webhookutils.ValidateImmutable( field.NewPath("Spec", "Type"), old.Spec.Type, 
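Review bot: In ValidateUpdate the immutability check reports its error under `field.NewPath("Spec", "Type")`, which spells the Go field names, whereas the AzureCluster webhook in this same commit uses the lower-case serialized path (`field.NewPath("spec", "resourceGroup")`). A rejected update would point the user at `Spec.Type`, which is presumably not the key they wrote in the manifest; `field.NewPath("spec", "type")` would match, assuming the JSON tag is `type`. The function body continues outside the hunk, and any test that matches the error text would need the same change.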
@@ -78,6 +63,6 @@ func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, oldRaw, ne } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterIdentityWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureClusterIdentity) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureclustertemplate_webhook.go b/internal/webhooks/azureclustertemplate_webhook.go index e6bef030763..5ef2c7ecc0b 100644 --- a/internal/webhooks/azureclustertemplate_webhook.go +++ b/internal/webhooks/azureclustertemplate_webhook.go @@ -18,14 +18,11 @@ package webhooks import ( "context" - "fmt" "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -37,8 +34,7 @@ const AzureClusterTemplateImmutableMsg = "AzureClusterTemplate spec.template.spe // SetupWebhookWithManager will set up the webhook to be managed by the specified manager. func (w *AzureClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureClusterTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureClusterTemplate{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -50,40 +46,24 @@ func (w *AzureClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureClusterTemplateWebhook implements a validating and defaulting webhook for AzureClusterTemplate. type AzureClusterTemplateWebhook struct{} -var _ webhook.CustomDefaulter = &AzureClusterTemplateWebhook{} +var _ admission.Defaulter[*infrav1.AzureClusterTemplate] = &AzureClusterTemplateWebhook{} // Default implements webhook.CustomDefaulter so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - c, ok := obj.(*infrav1.AzureClusterTemplate) - if !ok { - return fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) Default(_ context.Context, c *infrav1.AzureClusterTemplate) error { apiinternal.SetDefaultsAzureClusterTemplate(c) return nil } -var _ webhook.CustomValidator = &AzureClusterTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureClusterTemplate] = &AzureClusterTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureClusterTemplate) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureClusterTemplate) (admission.Warnings, error) { return validateAzureClusterTemplate(c) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureClusterTemplate) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureClusterTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureClusterTemplate) if !reflect.DeepEqual(c.Spec.Template.Spec, old.Spec.Template.Spec) { allErrs = append(allErrs, field.Invalid(field.NewPath("AzureClusterTemplate", "spec", "template", "spec"), c, AzureClusterTemplateImmutableMsg), @@ -97,6 +77,6 @@ func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, oldRaw, ne } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureClusterTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremachine_validation.go b/internal/webhooks/azuremachine_validation.go index 4a229ec5820..05990fb23f3 100644 --- a/internal/webhooks/azuremachine_validation.go +++ b/internal/webhooks/azuremachine_validation.go @@ -123,7 +123,7 @@ func ValidateSystemAssignedIdentity(identityType infrav1.VMIdentity, oldIdentity allErrs := field.ErrorList{} if identityType == infrav1.VMIdentitySystemAssigned { - if _, err := uuid.Parse(newIdentity); err != nil { + if err := uuid.Validate(newIdentity); err != nil { allErrs = append(allErrs, field.Invalid(fldPath, newIdentity, "Role assignment name must be a valid GUID. It is optional and will be auto-generated when not specified.")) } if oldIdentity != "" && oldIdentity != newIdentity { 
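Review bot: `uuid.Validate(newIdentity)` in ValidateSystemAssignedIdentity still accepts more than the canonical GUID layout if `uuid` here is github.com/google/uuid: besides the 36-character hyphenated form it passes the `urn:uuid:` prefix, the brace-wrapped form and 32 hex digits without hyphens. The error text promises "a valid GUID" and the value is a role assignment name, so a non-canonical string admitted here would presumably fail only later, at the Azure API, after the object has been stored. A length guard keeps admission strict: `if err := uuid.Validate(newIdentity); err != nil || len(newIdentity) != 36 {`. The function continues outside the hunk.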
diff --git a/internal/webhooks/azuremachine_validation_test.go b/internal/webhooks/azuremachine_validation_test.go index b7e45798fa2..9aba9c61636 100644 --- a/internal/webhooks/azuremachine_validation_test.go +++ b/internal/webhooks/azuremachine_validation_test.go @@ -443,6 +443,42 @@ func TestAzureMachine_ValidateDataDisks(t *testing.T) { }, wantErr: true, }, + { + name: "nil LUN", + disks: []infrav1.DataDisk{ + { + NameSuffix: "my_disk", + DiskSizeGB: 64, + Lun: nil, + CachingType: string(armcompute.PossibleCachingTypesValues()[0]), + }, + }, + wantErr: true, + }, + { + name: "LUN below valid range", + disks: []infrav1.DataDisk{ + { + NameSuffix: "my_disk", + DiskSizeGB: 64, + Lun: ptr.To[int32](-1), + CachingType: string(armcompute.PossibleCachingTypesValues()[0]), + }, + }, + wantErr: true, + }, + { + name: "LUN above valid range", + disks: []infrav1.DataDisk{ + { + NameSuffix: "my_disk", + DiskSizeGB: 64, + Lun: ptr.To[int32](64), + CachingType: string(armcompute.PossibleCachingTypesValues()[0]), + }, + }, + wantErr: true, + }, } for _, test := range testcases { 
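Review bot: The three added cases cover only rejection (nil, -1 and 64); nothing in this hunk pins the accepted edges of the range, so an off-by-one in the LUN bound check would go unnoticed unless the part of the table outside the hunk already covers it. I would add two `wantErr: false` cases with `Lun: ptr.To[int32](0)` and `Lun: ptr.To[int32](63)`, taking 0 and 63 as the limits the -1/64 cases imply. Because the table asserts only `wantErr`, the new cases also pass when some other field of the disk is what fails validation, so checking the returned field path would make them more precise.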
@@ -458,6 +494,110 @@ func TestAzureMachine_ValidateDataDisks(t *testing.T) { } } +func TestAzureMachine_ValidateDiagnostics(t *testing.T) { + testcases := []struct { + name string + diagnostics *infrav1.Diagnostics + wantErr bool + }{ + { + name: "nil diagnostics", + diagnostics: nil, + wantErr: false, + }, + { + name: "nil boot diagnostics", + diagnostics: &infrav1.Diagnostics{}, + wantErr: false, + }, + { + name: "managed storage account type without user-managed config", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.ManagedDiagnosticsStorage, + }, + }, + wantErr: false, + }, + { + name: "managed storage account type with user-managed StorageAccountURI", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.ManagedDiagnosticsStorage, + UserManaged: &infrav1.UserManagedBootDiagnostics{ + StorageAccountURI: "https://example.blob.core.windows.net/", + }, + }, + }, + wantErr: true, + }, + { + name: "disabled storage account type without user-managed config", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.DisabledDiagnosticsStorage, + }, + }, + wantErr: false, + }, + { + name: "disabled storage account type with user-managed StorageAccountURI", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.DisabledDiagnosticsStorage, + UserManaged: &infrav1.UserManagedBootDiagnostics{ + StorageAccountURI: "https://example.blob.core.windows.net/", + }, + }, + }, + wantErr: true, + }, + { + name: "user-managed storage account type with valid URI", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.UserManagedDiagnosticsStorage, + UserManaged: &infrav1.UserManagedBootDiagnostics{ + StorageAccountURI: "https://example.blob.core.windows.net/", + }, + }, + }, + wantErr: false, + }, + { + name: "user-managed storage account type 
missing UserManaged", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.UserManagedDiagnosticsStorage, + }, + }, + wantErr: true, + }, + { + name: "user-managed storage account type with empty URI", + diagnostics: &infrav1.Diagnostics{ + Boot: &infrav1.BootDiagnostics{ + StorageAccountType: infrav1.UserManagedDiagnosticsStorage, + UserManaged: &infrav1.UserManagedBootDiagnostics{}, + }, + }, + wantErr: true, + }, + } + + for _, test := range testcases { + t.Run(test.name, func(t *testing.T) { + g := NewWithT(t) + err := ValidateDiagnostics(test.diagnostics, field.NewPath("diagnostics")) + if test.wantErr { + g.Expect(err).NotTo(BeEmpty()) + } else { + g.Expect(err).To(BeEmpty()) + } + }) + } +} + func TestAzureMachine_ValidateSystemAssignedIdentity(t *testing.T) { tests := []struct { name string diff --git a/internal/webhooks/azuremachine_webhook.go b/internal/webhooks/azuremachine_webhook.go index d964acc5a2a..ca52f1be62a 100644 --- a/internal/webhooks/azuremachine_webhook.go +++ b/internal/webhooks/azuremachine_webhook.go @@ -21,7 +21,6 @@ import ( "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -36,8 +35,7 @@ import ( func (mw *AzureMachineWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureMachine{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureMachine{}). WithDefaulter(mw). WithValidator(mw). Complete() 
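Review bot: TestAzureMachine_ValidateDiagnostics exercises an empty and a well-formed `StorageAccountURI`, but no value that is non-empty and wrong, such as a string that is not a URL or one with an `http://` scheme. Whether ValidateDiagnostics checks the URI's form is not visible from this hunk. If it does, a `wantErr: true` case with `infrav1.UserManagedDiagnosticsStorage` and such a URI should pin that behaviour; if it does not, the table gives the impression of coverage while any non-empty string is accepted as the boot-diagnostics destination.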
@@ -52,11 +50,7 @@ type AzureMachineWebhook struct { } // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } +func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureMachine) (admission.Warnings, error) { spec := m.Spec allErrs := validateAzureMachineSpec(spec) @@ -78,16 +72,8 @@ func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, obj runtime.Obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureMachine) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } - m, ok := newObj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "image"), 
@@ -238,15 +224,11 @@ func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mw *AzureMachineWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureMachine) (admission.Warnings, error) { return nil, nil } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureMachine) - if !ok { - return apierrors.NewBadRequest("expected an AzureMachine resource") - } +func (mw *AzureMachineWebhook) Default(_ context.Context, m *infrav1.AzureMachine) error { return apiinternal.SetDefaultsAzureMachine(m, mw.client) } diff --git a/internal/webhooks/azuremachinetemplate_webhook.go b/internal/webhooks/azuremachinetemplate_webhook.go index 32685ecb663..e80bd37db08 100644 --- a/internal/webhooks/azuremachinetemplate_webhook.go +++ b/internal/webhooks/azuremachinetemplate_webhook.go @@ -22,12 +22,10 @@ import ( "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" "sigs.k8s.io/cluster-api/util/topology" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -43,8 +41,7 @@ const ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureMachineTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureMachineTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureMachineTemplate{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -56,12 +53,11 @@ func (w *AzureMachineTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureMachineTemplateWebhook implements a validating and defaulting webhook for AzureMachineTemplate. type AzureMachineTemplateWebhook struct{} -var _ webhook.CustomDefaulter = &AzureMachineTemplateWebhook{} -var _ webhook.CustomValidator = &AzureMachineTemplateWebhook{} +var _ admission.Defaulter[*infrav1.AzureMachineTemplate] = &AzureMachineTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureMachineTemplate] = &AzureMachineTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - r := obj.(*infrav1.AzureMachineTemplate) +func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, r *infrav1.AzureMachineTemplate) (admission.Warnings, error) { spec := r.Spec.Template.Spec allErrs := validateAzureMachineSpec(spec) @@ -104,10 +100,8 @@ func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, obj runtim } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldRaw runtime.Object, newRaw runtime.Object) (admission.Warnings, error) { +func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, old, t *infrav1.AzureMachineTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureMachineTemplate) - t := newRaw.(*infrav1.AzureMachineTemplate) req, err := admission.RequestFromContext(ctx) if err != nil { 
@@ -148,13 +142,12 @@ func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldRaw } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureMachineTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureMachineTemplate) (admission.Warnings, error) { return nil, nil } // Default implements webhookutil.defaulter so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - t := obj.(*infrav1.AzureMachineTemplate) +func (*AzureMachineTemplateWebhook) Default(_ context.Context, t *infrav1.AzureMachineTemplate) error { if err := apiinternal.SetDefaultAzureMachineSpecSSHPublicKey(&t.Spec.Template.Spec); err != nil { ctrl.Log.WithName("SetDefault").Error(err, "SetDefaultSSHPublicKey failed") } diff --git a/internal/webhooks/azuremanagedcluster_webhook.go b/internal/webhooks/azuremanagedcluster_webhook.go index b7a413d5571..518b6e8d4a8 100644 --- a/internal/webhooks/azuremanagedcluster_webhook.go +++ b/internal/webhooks/azuremanagedcluster_webhook.go @@ -19,9 +19,7 @@ package webhooks import ( "context" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -29,8 +27,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureManagedClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedCluster{}). WithValidator(w). Complete() } 
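Review bot: AzureMachineTemplateWebhook.Default only logs a failure from `apiinternal.SetDefaultAzureMachineSpecSSHPublicKey` and carries on, so the mutating webhook admits the object even when the SSH key could not be defaulted. Whether the template is then rejected depends on validation that is not shown in this hunk. If an undefaulted key is not meant to pass, failing closed is a one-line change inside the `if`: `return err` after (or instead of) the `ctrl.Log.WithName("SetDefault").Error(...)` call. The comment above still reads `implements webhookutil.defaulter`, which no longer matches the `admission.Defaulter[*infrav1.AzureMachineTemplate]` assertion; the function body continues outside the hunk.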
@@ -40,19 +37,19 @@ type AzureManagedClusterWebhook struct{} // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedclusters,versions=v1beta1,name=validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -var _ webhook.CustomValidator = &AzureManagedClusterWebhook{} +var _ admission.Validator[*infrav1.AzureManagedCluster] = &AzureManagedClusterWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedclustertemplate_webhook.go b/internal/webhooks/azuremanagedclustertemplate_webhook.go index a0fcd87fdc2..1cc17a6b908 100644 --- a/internal/webhooks/azuremanagedclustertemplate_webhook.go +++ b/internal/webhooks/azuremanagedclustertemplate_webhook.go 
@@ -19,9 +19,7 @@ package webhooks import ( "context" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -29,8 +27,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureManagedClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedClusterTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedClusterTemplate{}). WithValidator(w). Complete() } 
@@ -40,19 +37,19 @@ func (w *AzureManagedClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Ma // AzureManagedClusterTemplateWebhook implements a validating webhook for AzureManagedClusterTemplate. type AzureManagedClusterTemplateWebhook struct{} -var _ webhook.CustomValidator = &AzureManagedClusterTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureManagedClusterTemplate] = &AzureManagedClusterTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedcontrolplane_webhook.go b/internal/webhooks/azuremanagedcontrolplane_webhook.go index 90b722d481d..c52a3edfbf4 100644 --- a/internal/webhooks/azuremanagedcontrolplane_webhook.go +++ b/internal/webhooks/azuremanagedcontrolplane_webhook.go 
@@ -22,7 +22,6 @@ import ( "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" @@ -47,8 +46,7 @@ func (mw *AzureManagedControlPlaneWebhook) SetupWebhookWithManager(mgr ctrl.Mana mw.client = mgr.GetClient() mw.logger = mgr.GetLogger().WithName("AzureManagedControlPlane") - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedControlPlane{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedControlPlane{}). WithDefaulter(mw). WithValidator(mw). Complete() @@ -63,12 +61,7 @@ type AzureManagedControlPlaneWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureManagedControlPlane) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - +func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, m *infrav1.AzureManagedControlPlane) error { m.Spec.Version = apiinternal.NormalizeVersion(m.Spec.Version) m.Spec.SKU = apiinternal.DefaultSku(mw.logger, m.Spec.SKU) m.Spec.FleetsMember = apiinternal.DefaultFleetsMember(m.Spec.FleetsMember, m.Labels) 
@@ -91,26 +84,13 @@ func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, obj runtim // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedcontrolplanes,versions=v1beta1,name=validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - +func (mw *AzureManagedControlPlaneWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { return nil, validateAzureManagedControlPlane(m, mw.client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - m, ok := newObj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } immutableFields := []struct { path *field.Path 
@@ -218,6 +198,6 @@ func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, old } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mw *AzureManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go b/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go index 521a3d9c41f..415072fd835 100644 --- a/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go +++ b/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go @@ -21,7 +21,6 @@ import ( "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -37,8 +36,7 @@ func (mcpw *AzureManagedControlPlaneTemplateWebhook) SetupWebhookWithManager(mgr mcpw.client = mgr.GetClient() mcpw.logger = mgr.GetLogger().WithName("AzureManagedControlPlaneTemplate") - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedControlPlaneTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedControlPlaneTemplate{}). WithDefaulter(mcpw). WithValidator(mcpw). Complete() 
@@ -54,36 +52,19 @@ type AzureManagedControlPlaneTemplateWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - mcp, ok := obj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } +func (mcpw *AzureManagedControlPlaneTemplateWebhook) Default(_ context.Context, mcp *infrav1.AzureManagedControlPlaneTemplate) error { apiinternal.SetDefaultsAzureManagedControlPlaneTemplate(mcpw.logger, mcp) return nil } // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mcp, ok := obj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } - +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateCreate(_ context.Context, mcp *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { return nil, validateAzureManagedControlPlaneTemplate(mcp, mcpw.client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. 
-func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Context, old, mcp *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } - mcp, ok := newObj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "template", "spec", "subscriptionID"), old.Spec.Template.Spec.SubscriptionID, @@ -191,6 +172,6 @@ func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Co } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedmachinepool_webhook.go b/internal/webhooks/azuremanagedmachinepool_webhook.go index 889bff91370..cd2f9dfcfc7 100644 --- a/internal/webhooks/azuremanagedmachinepool_webhook.go +++ b/internal/webhooks/azuremanagedmachinepool_webhook.go @@ -22,7 +22,6 @@ import ( "github.com/pkg/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" 
@@ -40,8 +39,7 @@ var validNodePublicPrefixID = regexp.MustCompile(`(?i)^/?subscriptions/[0-9a-f]{ func (mw *AzureManagedMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedMachinePool{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedMachinePool{}). WithDefaulter(mw). WithValidator(mw). Complete() @@ -55,11 +53,7 @@ type AzureManagedMachinePoolWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, m *infrav1.AzureManagedMachinePool) error { if m.Labels == nil { m.Labels = make(map[string]string) } 
@@ -79,12 +73,7 @@ func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, obj runtime //+kubebuilder:webhook:verbs=create;update;delete,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepools,versions=v1beta1,name=validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } - +func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { var errs []error errs = append(errs, validateMaxPods( @@ -132,15 +121,7 @@ func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - old, ok := oldObj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } - m, ok := newObj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { var allErrs field.ErrorList if err := webhookutils.ValidateImmutable( 
@@ -286,11 +267,7 @@ func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, oldO } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) ValidateDelete(_ context.Context, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { if m.Spec.Mode != string(infrav1.NodePoolModeSystem) { return nil, nil } diff --git a/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go b/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go index f69305ead4f..3e3580f04e6 100644 --- a/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go +++ b/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go @@ -21,7 +21,6 @@ import ( "github.com/pkg/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" @@ -38,8 +37,7 @@ import ( func (mpw *AzureManagedMachinePoolTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mpw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedMachinePoolTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedMachinePoolTemplate{}). WithDefaulter(mpw). WithValidator(mpw). Complete() 
@@ -53,11 +51,7 @@ type AzureManagedMachinePoolTemplateWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } +func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) error { if mp.Labels == nil { mp.Labels = make(map[string]string) } @@ -75,12 +69,7 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, ob //+kubebuilder:webhook:verbs=create;update;delete,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepooltemplates,versions=v1beta1,name=validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } - +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { var errs []error errs = append(errs, validateMaxPods( 
@@ -124,16 +113,8 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Cont } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Context, old, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } - mp, ok := newObj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "template", "spec", "name"), @@ -270,11 +251,7 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Cont } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateDelete(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { if mp.Spec.Template.Spec.Mode != string(infrav1.NodePoolModeSystem) { return nil, nil } diff --git a/main.go b/main.go index 36db4f8c003..2cefa89bd38 100644 --- a/main.go +++ b/main.go 
@@ -24,11 +24,9 @@ import ( "time" // +kubebuilder:scaffold:imports - asocontainerservicev1api20210501 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20210501" asocontainerservicev1api20230201 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230201" asocontainerservicev1api20230315preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230315preview" asocontainerservicev1api20231001 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1api20231102preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" asocontainerservicev1api20240402preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" asocontainerservicev1api20240901 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901" asokubernetesconfigurationv1 "github.com/Azure/azure-service-operator/v2/api/kubernetesconfiguration/v1api20230501" @@ -63,6 +61,7 @@ import ( infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" infrav1controllersexp "sigs.k8s.io/cluster-api-provider-azure/exp/controllers" "sigs.k8s.io/cluster-api-provider-azure/feature" + expwebhooks "sigs.k8s.io/cluster-api-provider-azure/internal/exp/webhooks" "sigs.k8s.io/cluster-api-provider-azure/internal/webhooks" "sigs.k8s.io/cluster-api-provider-azure/pkg/coalescing" "sigs.k8s.io/cluster-api-provider-azure/pkg/ot" 
@@ -83,13 +82,11 @@ func init() { _ = clusterv1.AddToScheme(scheme) _ = bootstrapv1.AddToScheme(scheme) _ = asoresourcesv1.AddToScheme(scheme) - _ = asocontainerservicev1api20210501.AddToScheme(scheme) _ = asocontainerservicev1api20230201.AddToScheme(scheme) _ = asocontainerservicev1api20231001.AddToScheme(scheme) _ = asonetworkv1api20220701.AddToScheme(scheme) _ = asonetworkv1api20201101.AddToScheme(scheme) _ = asocontainerservicev1api20230315preview.AddToScheme(scheme) - _ = asocontainerservicev1api20231102preview.AddToScheme(scheme) _ = asocontainerservicev1api20240402preview.AddToScheme(scheme) _ = asocontainerservicev1api20240901.AddToScheme(scheme) _ = asokubernetesconfigurationv1.AddToScheme(scheme) @@ -667,12 +664,12 @@ func registerWebhooks(mgr manager.Manager) { } if feature.Gates.Enabled(capifeature.MachinePool) { - if err := infrav1exp.SetupAzureMachinePoolWebhookWithManager(mgr); err != nil { + if err := (&expwebhooks.AzureMachinePoolWebhook{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePool") os.Exit(1) } - if err := (&infrav1exp.AzureMachinePoolMachine{}).SetupWebhookWithManager(mgr); err != nil { + if err := (&expwebhooks.AzureMachinePoolMachineWebhook{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePoolMachine") os.Exit(1) } diff --git a/metadata.yaml b/metadata.yaml index bc99e6dc455..c2d5ee34612 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -87,3 +87,6 @@ releaseSeries: - major: 1 minor: 23 contract: v1beta1 + - major: 1 + minor: 24 + contract: v1beta1 diff --git a/netlify.toml b/netlify.toml index 4bfcd4b11c4..91af8d1ff96 100644 --- a/netlify.toml +++ b/netlify.toml @@ -4,7 +4,7 @@ publish = "docs/book/bookout" [build.environment] - GO_VERSION = "1.24.x" + GO_VERSION = "1.25.x" # Standard Netlify redirects [[redirects]] 
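Review bot: Removing `asocontainerservicev1api20210501.AddToScheme(scheme)` and `asocontainerservicev1api20231102preview.AddToScheme(scheme)` in `init()` (together with their imports in the first main.go hunk) drops two ASO API versions from the manager's scheme with no visible fallback. If any existing object or published template still references either version, the manager would presumably be unable to decode or convert it after an upgrade. That is worth confirming against the shipped templates and stating in the release notes as a compatibility change.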
diff --git a/pkg/mutators/azureasomanagedcontrolplane.go b/pkg/mutators/azureasomanagedcontrolplane.go index 7db6fa1eb26..bce23509f01 100644 --- a/pkg/mutators/azureasomanagedcontrolplane.go +++ b/pkg/mutators/azureasomanagedcontrolplane.go @@ -31,7 +31,7 @@ import ( // then updated to the user-defined value. If the field is immutable, this // update will fail. The linter should catch if there are missing fields, // but verify that check is actually working. - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" "sigs.k8s.io/cluster-api/util" @@ -333,12 +333,15 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a EnableFIPS: hubPool.Spec.EnableFIPS, EnableNodePublicIP: hubPool.Spec.EnableNodePublicIP, EnableUltraSSD: hubPool.Spec.EnableUltraSSD, + GatewayProfile: hubPool.Spec.GatewayProfile, GpuInstanceProfile: hubPool.Spec.GpuInstanceProfile, + GpuProfile: hubPool.Spec.GpuProfile, HostGroupReference: hubPool.Spec.HostGroupReference, KubeletConfig: hubPool.Spec.KubeletConfig, KubeletDiskType: hubPool.Spec.KubeletDiskType, LinuxOSConfig: hubPool.Spec.LinuxOSConfig, MaxCount: hubPool.Spec.MaxCount, + MessageOfTheDay: hubPool.Spec.MessageOfTheDay, MaxPods: hubPool.Spec.MaxPods, MinCount: hubPool.Spec.MinCount, Mode: hubPool.Spec.Mode, @@ -352,6 +355,7 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a OsDiskType: hubPool.Spec.OsDiskType, OsSKU: hubPool.Spec.OsSKU, OsType: hubPool.Spec.OsType, + PodIPAllocationMode: hubPool.Spec.PodIPAllocationMode, PodSubnetReference: hubPool.Spec.PodSubnetReference, PowerState: hubPool.Spec.PowerState, PropertyBag: hubPool.Spec.PropertyBag, 
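Review bot: `MessageOfTheDay` is inserted between `MaxCount` and `MaxPods` in the struct literal of setAgentPoolProfilesFromAgentPools, which breaks the alphabetical order every other field follows; it belongs after `MaxPods` and before `MinCount`. The ordering matters here because the file's own comment relies on a linter to catch missing fields and asks the reader to verify that check, and a sorted list is what makes a manual comparison against the new `v1api20250801` hub type practical. The function body starts and ends outside these hunks, so the full field list is not visible from here.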
@@ -364,6 +368,8 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a Tags: hubPool.Spec.Tags, Type: hubPool.Spec.Type, UpgradeSettings: hubPool.Spec.UpgradeSettings, + VirtualMachineNodesStatus: hubPool.Spec.VirtualMachineNodesStatus, + VirtualMachinesProfile: hubPool.Spec.VirtualMachinesProfile, VmSize: hubPool.Spec.VmSize, VnetSubnetReference: hubPool.Spec.VnetSubnetReference, WindowsProfile: hubPool.Spec.WindowsProfile, diff --git a/pkg/mutators/azureasomanagedcontrolplane_test.go b/pkg/mutators/azureasomanagedcontrolplane_test.go index eb4d3d460b3..63e4a655af2 100644 --- a/pkg/mutators/azureasomanagedcontrolplane_test.go +++ b/pkg/mutators/azureasomanagedcontrolplane_test.go @@ -23,7 +23,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/scripts/go_install.sh b/scripts/go_install.sh index e32bdff3944..f663c5fd29a 100755 --- a/scripts/go_install.sh +++ b/scripts/go_install.sh 
@@ -39,6 +39,17 @@ fi rm "${GOBIN}/${2}"* 2> /dev/null || true +# Ensure tools are built with the project's Go toolchain version. +# CI images may have an older Go as the default, and `go install module@version` +# uses the module's own go.mod for toolchain selection, which may not require +# the newer Go version needed to process this project's source files. +if [ -f go.mod ]; then + toolchain=$(sed -n 's/^toolchain //p' go.mod) + if [ -n "${toolchain}" ]; then + export GOTOOLCHAIN="${toolchain}" + fi +fi + # install the golang module specified as the first argument go install -tags capztools "${1}@${3}" mv "${GOBIN}/${2}" "${GOBIN}/${2}-${3}" diff --git a/scripts/peer-vnets.sh b/scripts/peer-vnets.sh index 35ef21d3e76..9d3522483ca 100755 --- a/scripts/peer-vnets.sh +++ b/scripts/peer-vnets.sh 
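Review bot: The `[ -f go.mod ]` test and the `sed` read resolve `go.mod` against the caller's working directory, so running the script from anywhere other than the repository root silently skips the toolchain pin (unless an earlier part of the script, not visible here, already changes directory). Anchoring the path to the script location, e.g. `gomod="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/go.mod"`, or logging when no `toolchain` line is found, would make the pin dependable. Note also that exporting a bare `GOTOOLCHAIN=goX.Y.Z` lets the go command download that toolchain when it is not installed locally, which is worth stating in the comment for runners with restricted egress.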
@@ -51,6 +51,43 @@ print_step() { echo -e "${BOLD}${CYAN}Step $1:${NC} $2" } +# Retry wrapper for az commands to handle transient 429 (Too Many Requests) errors. +# Only retries when stderr indicates throttling; other errors fail immediately. +# Usage: az_retry az [args...] +az_retry() { + local max_retries="$1" + shift + local attempt=0 + local wait_time=5 + local stderr_file + stderr_file=$(mktemp) + # shellcheck disable=SC2064 + trap "rm -f '$stderr_file'" RETURN + while true; do + local exit_code=0 + "$@" 2> >(tee "$stderr_file" >&2) || exit_code=$? + if [ "$exit_code" -eq 0 ]; then + return 0 + fi + # Only retry on throttling (429) errors; fail immediately for anything else + if ! grep -qi -e "429" -e "Too Many Requests" -e "RetryAfter" -e "throttl" "$stderr_file"; then + return "$exit_code" + fi + attempt=$((attempt + 1)) + if [ "$attempt" -ge "$max_retries" ]; then + print_error "Command throttled after $max_retries attempts: $*" + return 1 + fi + print_warning "Throttled (attempt $attempt/$max_retries), retrying in ${wait_time}s..." + sleep "$wait_time" + # Exponential backoff capped at 60s + wait_time=$(( wait_time * 2 )) + if [ "$wait_time" -gt 60 ]; then + wait_time=60 + fi + done +} + usage() { cat < 
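Review bot: In `az_retry`, the throttling check can race with the stderr capture: `"$@" 2> >(tee "$stderr_file" >&2)` runs `tee` in an asynchronous process substitution that bash does not wait for, so `grep` may read `$stderr_file` before the last lines are written and treat a 429 as a non-retryable failure. Capturing synchronously avoids this, at the cost of delayed stderr output: `"$@" 2>"$stderr_file" || exit_code=$?` followed by `cat "$stderr_file" >&2`. Separately, matching the bare string `429` will also hit any resource ID or GUID that happens to contain those digits, so a narrower pattern would reduce spurious retries.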
@@ -168,33 +205,53 @@ peer_vnets() { # Get VNET IDs with improved error handling az network vnet wait --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --created --timeout "${WAIT_TIMEOUT}" || error "Timeout waiting for management VNET" - MGMT_VNET_ID=$(az network vnet show --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --query id --output tsv) || error "Failed to get management VNET ID" + MGMT_VNET_ID=$(az_retry 5 az network vnet show --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --query id --output tsv) || error "Failed to get management VNET ID" print_step "1/4" "${AKS_MGMT_VNET_NAME} found and ${MGMT_VNET_ID} found" az network vnet wait --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --created --timeout "${WAIT_TIMEOUT}" || error "Timeout waiting for workload VNET" - WORKLOAD_VNET_ID=$(az network vnet show --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --query id --output tsv) || error "Failed to get workload VNET ID" + WORKLOAD_VNET_ID=$(az_retry 5 az network vnet show --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --query id --output tsv) || error "Failed to get workload VNET ID" print_step "2/4" "${CLUSTER_NAME}-vnet found and ${WORKLOAD_VNET_ID} found" - # Peer mgmt vnet with improved error handling - az network vnet peering create \ + # Create both peerings with --no-wait to reduce sequential API calls and + # mitigate 429 (Too Many Requests) throttling from Azure Resource Manager. 
+ az_retry 5 az network vnet peering create \ --name "mgmt-to-${CLUSTER_NAME}" \ --resource-group "${AKS_RESOURCE_GROUP}" \ --vnet-name "${AKS_MGMT_VNET_NAME}" \ --remote-vnet "${WORKLOAD_VNET_ID}" \ --allow-vnet-access true \ --allow-forwarded-traffic true \ - --only-show-errors --output none || error "Failed to create management peering" - print_step "3/4" "mgmt-to-${CLUSTER_NAME} peering created in ${AKS_MGMT_VNET_NAME}" + --no-wait \ + --only-show-errors --output none || error "Failed to submit management peering" - # Peer workload vnet with improved error handling - az network vnet peering create \ + az_retry 5 az network vnet peering create \ --name "${CLUSTER_NAME}-to-mgmt" \ --resource-group "${CLUSTER_NAME}" \ --vnet-name "${CLUSTER_NAME}-vnet" \ --remote-vnet "${MGMT_VNET_ID}" \ --allow-vnet-access true \ --allow-forwarded-traffic true \ - --only-show-errors --output none || error "Failed to create workload peering" + --no-wait \ + --only-show-errors --output none || error "Failed to submit workload peering" + + print_info "Both peering requests submitted, waiting for completion..." + + # Wait for both peerings to complete. The wait command has built-in polling + # with backoff which handles transient errors more gracefully than synchronous creates. 
+ az network vnet peering wait \ + --name "mgmt-to-${CLUSTER_NAME}" \ + --resource-group "${AKS_RESOURCE_GROUP}" \ + --vnet-name "${AKS_MGMT_VNET_NAME}" \ + --created --timeout "${WAIT_TIMEOUT}" \ + --only-show-errors --output none || error "Timeout waiting for management peering to complete" + print_step "3/4" "mgmt-to-${CLUSTER_NAME} peering created in ${AKS_MGMT_VNET_NAME}" + + az network vnet peering wait \ + --name "${CLUSTER_NAME}-to-mgmt" \ + --resource-group "${CLUSTER_NAME}" \ + --vnet-name "${CLUSTER_NAME}-vnet" \ + --created --timeout "${WAIT_TIMEOUT}" \ + --only-show-errors --output none || error "Timeout waiting for workload peering to complete" print_step "4/4" "${CLUSTER_NAME}-to-mgmt peering created in ${CLUSTER_NAME}-vnet" print_success "VNET peering completed successfully" } 
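Review bot: `MGMT_VNET_ID=$(az_retry 5 az network vnet show ...)` and the matching `WORKLOAD_VNET_ID` assignment capture everything `az_retry` writes to stdout, including its own retry messages. `print_warning` and `print_error` are defined outside this hunk, but if they echo to stdout the way `print_step` does, a single throttled attempt would prepend "Throttled (attempt 1/5)..." to the ID that is later passed to `--remote-vnet` and `--virtual-network`. Sending those messages to stderr inside `az_retry`, e.g. `print_warning "Throttled (attempt $attempt/$max_retries), retrying in ${wait_time}s..." >&2`, keeps the captured value clean. A sanity check that the captured value starts with `/subscriptions/` before it is used would catch any other stray output.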
@@ -204,25 +261,39 @@ create_private_dns_zone() { print_header "Creating private DNS zone" # Create private DNS zone with improved error handling - az network private-dns zone create \ + az_retry 5 az network private-dns zone create \ --resource-group "${CLUSTER_NAME}" \ --name "${DNS_ZONE}" \ --only-show-errors --output none || error "Failed to create private DNS zone" - az network private-dns zone wait \ + az_retry 5 az network private-dns zone wait \ --resource-group "${CLUSTER_NAME}" \ --name "${DNS_ZONE}" \ --created --timeout "${WAIT_TIMEOUT}" \ --only-show-errors --output none || error "Timeout waiting for private DNS zone" print_step "1/4" "${DNS_ZONE} private DNS zone created in ${CLUSTER_NAME}" - # Link private DNS Zone to workload vnet with improved error handling - az network private-dns link vnet create \ + # Create both VNet links with --no-wait to reduce sequential API calls + az_retry 5 az network private-dns link vnet create \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ --name "${CLUSTER_NAME}-to-mgmt" \ --virtual-network "${WORKLOAD_VNET_ID}" \ --registration-enabled false \ - --only-show-errors --output none || error "Failed to create workload DNS link" + --no-wait \ + --only-show-errors --output none || error "Failed to submit workload DNS link" + + az_retry 5 az network private-dns link vnet create \ + --resource-group "${CLUSTER_NAME}" \ + --zone-name "${DNS_ZONE}" \ + --name "mgmt-to-${CLUSTER_NAME}" \ + --virtual-network "${MGMT_VNET_ID}" \ + --registration-enabled false \ + --no-wait \ + --only-show-errors --output none || error "Failed to submit management DNS link" + + print_info "Both DNS link requests submitted, waiting for completion..." + + # Wait for both links to complete az network private-dns link vnet wait \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ 
@@ -231,14 +302,6 @@ create_private_dns_zone() { --only-show-errors --output none || error "Timeout waiting for workload DNS link" print_step "2/4" "workload cluster vnet ${CLUSTER_NAME}-vnet linked with private DNS zone" - # Link private DNS Zone to mgmt vnet with improved error handling - az network private-dns link vnet create \ - --resource-group "${CLUSTER_NAME}" \ - --zone-name "${DNS_ZONE}" \ - --name "mgmt-to-${CLUSTER_NAME}" \ - --virtual-network "${MGMT_VNET_ID}" \ - --registration-enabled false \ - --only-show-errors --output none || error "Failed to create management DNS link" az network private-dns link vnet wait \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ @@ -248,7 +311,7 @@ create_private_dns_zone() { print_step "3/4" "management cluster vnet ${AKS_MGMT_VNET_NAME} linked with private DNS zone" # Create private DNS zone record with improved error handling - az network private-dns record-set a add-record \ + az_retry 5 az network private-dns record-set a add-record \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ --record-set-name "@" \ @@ -319,7 +382,7 @@ wait_and_fix_nsg_rules() { print_info "Allowed TCP ports: $tcp_ports" if az network nsg rule show --resource-group "$rg" --nsg-name "$nsg" --name "NRMS-Rule-101" --output none 2>/dev/null; then # shellcheck disable=SC2086 - az network nsg rule update \ + az_retry 5 az network nsg rule update \ --resource-group "$rg" \ --nsg-name "$nsg" \ --name "NRMS-Rule-101" \ @@ -337,7 +400,7 @@ wait_and_fix_nsg_rules() { print_info "Configuring NRMS-Rule-103 in NSG '$nsg' (Resource Group: '$rg')" print_info "Allowed UDP ports: $udp_ports" # shellcheck disable=SC2086 - az network nsg rule update \ + az_retry 5 az network nsg rule update \ --resource-group "$rg" \ --nsg-name "$nsg" \ --name "NRMS-Rule-103" \ diff --git a/templates/cluster-template-aad.yaml b/templates/cluster-template-aad.yaml index 4a2a4ba7bdb..079e7c69f89 100644 --- a/templates/cluster-template-aad.yaml 
+++ b/templates/cluster-template-aad.yaml @@ -54,6 +54,7 @@ spec: oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ oidc-username-claim: oid oidc-username-prefix: '-' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-aks-aso-maintenance.yaml b/templates/cluster-template-aks-aso-maintenance.yaml new file mode 100644 index 00000000000..0108f945935 --- /dev/null +++ b/templates/cluster-template-aks-aso-maintenance.yaml 
@@ -0,0 +1,194 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedCluster + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME} + spec: + dnsPrefix: ${CLUSTER_NAME} + identity: + type: SystemAssigned + location: ${AZURE_LOCATION} + networkProfile: + networkPlugin: azure + owner: + name: ${CLUSTER_NAME} + servicePrincipalProfile: + clientId: msi + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-default + spec: + azureName: default + owner: + name: ${CLUSTER_NAME} + timeInWeek: + - day: Sunday + hourSlots: + - 0 + - 1 + - 2 + - 3 + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-aksmanagedautoupgradeschedule + spec: + azureName: aksManagedAutoUpgradeSchedule + maintenanceWindow: + durationHours: 4 + notAllowedDates: + - end: "2026-12-26" + start: "2026-12-23" + schedule: + weekly: + dayOfWeek: Sunday + intervalWeeks: 1 + startTime: "02:00" + utcOffset: "-05:00" + owner: + name: ${CLUSTER_NAME} + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + 
serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-aksmanagednodeosupgradeschedule + spec: + azureName: aksManagedNodeOSUpgradeSchedule + maintenanceWindow: + durationHours: 4 + schedule: + weekly: + dayOfWeek: Sunday + intervalWeeks: 1 + startTime: "02:00" + utcOffset: "-05:00" + owner: + name: ${CLUSTER_NAME} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + resources: + - apiVersion: resources.azure.com/v1api20200601 + kind: ResourceGroup + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME} + spec: + location: ${AZURE_LOCATION} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT:=2} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedClustersAgentPool + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-pool0 + spec: + azureName: pool0 + mode: System + owner: + name: ${CLUSTER_NAME} + type: VirtualMachineScaleSets + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: 
${WORKER_MACHINE_COUNT:=2} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedClustersAgentPool + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-pool1 + spec: + azureName: pool1 + mode: User + owner: + name: ${CLUSTER_NAME} + type: VirtualMachineScaleSets + vmSize: ${AZURE_NODE_MACHINE_TYPE} diff --git a/templates/cluster-template-apiserver-ilb.yaml b/templates/cluster-template-apiserver-ilb.yaml index 4dbd15c6550..cfc33f273e2 100644 --- a/templates/cluster-template-apiserver-ilb.yaml +++ b/templates/cluster-template-apiserver-ilb.yaml @@ -62,7 +62,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-azure-bastion.yaml b/templates/cluster-template-azure-bastion.yaml index 0da65077598..0473eea2d64 100644 --- a/templates/cluster-template-azure-bastion.yaml +++ b/templates/cluster-template-azure-bastion.yaml @@ -50,7 +50,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/cluster-template-azure-cni-v1.yaml b/templates/cluster-template-azure-cni-v1.yaml index b0d0af42ef8..c63415e3a45 100644 --- a/templates/cluster-template-azure-cni-v1.yaml +++ b/templates/cluster-template-azure-cni-v1.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-clusterclass-rke2.yaml b/templates/cluster-template-clusterclass-rke2.yaml index c2d6b587a46..06e37e7779f 100644 --- a/templates/cluster-template-clusterclass-rke2.yaml +++ b/templates/cluster-template-clusterclass-rke2.yaml @@ -11,7 +11,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-control-plane ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane infrastructure: @@ -58,7 +58,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -79,7 +79,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -103,7 +103,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: 
@@ -172,7 +172,7 @@ spec: diskSizeGB: 30 osType: Linux --- -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane @@ -200,7 +200,7 @@ spec: extraArgs: - --anonymous-auth=true --- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/cluster-template-dual-stack.yaml b/templates/cluster-template-dual-stack.yaml index 626680c024f..97669e69165 100644 --- a/templates/cluster-template-dual-stack.yaml +++ b/templates/cluster-template-dual-stack.yaml @@ -64,7 +64,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-edgezone.yaml b/templates/cluster-template-edgezone.yaml index ce59da67964..1cb9e566289 100644 --- a/templates/cluster-template-edgezone.yaml +++ b/templates/cluster-template-edgezone.yaml @@ -51,7 +51,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-ephemeral.yaml b/templates/cluster-template-ephemeral.yaml index bef4bb61436..1362f788e0c 100644 --- a/templates/cluster-template-ephemeral.yaml +++ b/templates/cluster-template-ephemeral.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/cluster-template-flatcar-sysext.yaml b/templates/cluster-template-flatcar-sysext.yaml index 07f6ced9178..0e1eb3567e2 100644 --- a/templates/cluster-template-flatcar-sysext.yaml +++ b/templates/cluster-template-flatcar-sysext.yaml @@ -129,7 +129,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-flatcar.yaml b/templates/cluster-template-flatcar.yaml index 367076f0910..9c4c6600a30 100644 --- a/templates/cluster-template-flatcar.yaml +++ b/templates/cluster-template-flatcar.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-ipv6.yaml b/templates/cluster-template-ipv6.yaml index 97c622ec3ec..37fcd6fe9b3 100644 --- a/templates/cluster-template-ipv6.yaml +++ b/templates/cluster-template-ipv6.yaml @@ -62,6 +62,7 @@ spec: apiServer: extraArgs: bind-address: '::' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-machinepool-windows.yaml b/templates/cluster-template-machinepool-windows.yaml index f5e8ce9fe5c..dd6f47cfddf 100644 --- a/templates/cluster-template-machinepool-windows.yaml +++ b/templates/cluster-template-machinepool-windows.yaml @@ -52,7 +52,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/cluster-template-machinepool.yaml b/templates/cluster-template-machinepool.yaml index 97830128b27..9ab218b1396 100644 --- a/templates/cluster-template-machinepool.yaml +++ b/templates/cluster-template-machinepool.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-nvidia-gpu.yaml b/templates/cluster-template-nvidia-gpu.yaml index 21f06495aa8..d02120f1b26 100644 --- a/templates/cluster-template-nvidia-gpu.yaml +++ b/templates/cluster-template-nvidia-gpu.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-private.yaml b/templates/cluster-template-private.yaml index 786b6d52fc2..5aaf3ee57ae 100644 --- a/templates/cluster-template-private.yaml +++ b/templates/cluster-template-private.yaml @@ -57,7 +57,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-windows-apiserver-ilb.yaml b/templates/cluster-template-windows-apiserver-ilb.yaml index 2613ab07ad8..89f051a5347 100644 --- a/templates/cluster-template-windows-apiserver-ilb.yaml +++ b/templates/cluster-template-windows-apiserver-ilb.yaml 
@@ -66,7 +66,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-windows.yaml b/templates/cluster-template-windows.yaml index a704c6040af..852e11f605e 100644 --- a/templates/cluster-template-windows.yaml +++ b/templates/cluster-template-windows.yaml @@ -52,7 +52,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml index c6ec37941fc..e9f64b4c8d2 100644 --- a/templates/cluster-template.yaml +++ b/templates/cluster-template.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/flavors/README.md b/templates/flavors/README.md index a619e33282a..2120d999e77 100644 --- a/templates/flavors/README.md +++ b/templates/flavors/README.md @@ -4,7 +4,7 @@ In `clusterctl` the infrastructure provider authors can provide different type o or flavors; use the --flavor flag to specify which flavor to use; e.g ```shell -clusterctl generate cluster my-cluster --kubernetes-version v1.33.6 \ +clusterctl generate cluster my-cluster --kubernetes-version v1.35.4 \ --flavor private > my-cluster.yaml ``` 
@@ -66,7 +66,7 @@ worker-templates: AZURE_LOCATION: eastus AZURE_RESOURCE_GROUP: test-resource-group-name CONTROL_PLANE_MACHINE_COUNT: "1" - KUBERNETES_VERSION: v1.33.6 + KUBERNETES_VERSION: v1.35.4 AZURE_CONTROL_PLANE_MACHINE_TYPE: Standard_B2s WORKER_MACHINE_COUNT: "2" AZURE_NODE_MACHINE_TYPE: Standard_B2s @@ -88,6 +88,6 @@ worker-templates: metadata: AZURE_CONTROL_PLANE_MACHINE_TYPE: Standard_B2s AZURE_LOCATION: southcentralus - KUBERNETES_VERSION: v1.33.6 + KUBERNETES_VERSION: v1.35.4 WORKER_MACHINE_COUNT: "1" ``` diff --git a/templates/flavors/aks-aso-maintenance/kustomization.yaml b/templates/flavors/aks-aso-maintenance/kustomization.yaml new file mode 100644 index 00000000000..775a3c73da3 --- /dev/null +++ b/templates/flavors/aks-aso-maintenance/kustomization.yaml 
@@ -0,0 +1,81 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: +- ../aks-aso + +patches: +- patch: |- + - op: test + path: /spec/resources/0/kind + value: ManagedCluster + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-default + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: default + owner: + name: ${CLUSTER_NAME} + timeInWeek: + - day: Sunday + hourSlots: + - 0 + - 1 + - 2 + - 3 + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-aksmanagedautoupgradeschedule + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: aksManagedAutoUpgradeSchedule + owner: + name: ${CLUSTER_NAME} + maintenanceWindow: + durationHours: 4 + utcOffset: "-05:00" + startTime: "02:00" + schedule: + weekly: + intervalWeeks: 1 + dayOfWeek: Sunday + notAllowedDates: + - start: "2026-12-23" + end: "2026-12-26" + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-aksmanagednodeosupgradeschedule + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: aksManagedNodeOSUpgradeSchedule + owner: + name: ${CLUSTER_NAME} + maintenanceWindow: + durationHours: 4 + utcOffset: "-05:00" + startTime: "02:00" + schedule: + weekly: + intervalWeeks: 1 + dayOfWeek: Sunday + target: + kind: AzureASOManagedControlPlane + +sortOptions: + order: fifo diff --git a/templates/flavors/base/cluster-template.yaml b/templates/flavors/base/cluster-template.yaml index 13bf2a5aabc..753fccce62e 100644 --- a/templates/flavors/base/cluster-template.yaml 
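Review bot: The `aksManagedAutoUpgradeSchedule` and `aksManagedNodeOSUpgradeSchedule` entries added in `templates/flavors/aks-aso-maintenance/kustomization.yaml` only decide when AKS-managed upgrades may run. The ManagedCluster rendered into `templates/cluster-template-aks-aso-maintenance.yaml` sets no `autoUpgradeProfile`, so unless the `../aks-aso` base (not shown here) or an AKS default enables an upgrade channel, these windows may not cause any patching to happen. A comment above `patches:` would make that explicit, for example `# Windows take effect only when the ManagedCluster's spec.autoUpgradeProfile enables an upgrade channel`. The `notAllowedDates` range is pinned to `"2026-12-23"`–`"2026-12-26"` and stops blocking anything once that date has passed, so it should be marked as a sample value to replace, e.g. `# example blackout; replace with your own dates`.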
+++ b/templates/flavors/base/cluster-template.yaml @@ -58,7 +58,8 @@ spec: clusterConfiguration: apiServer: timeoutForControlPlane: 20m - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} controllerManager: extraArgs: allocate-node-cidrs: "false" diff --git a/templates/flavors/clusterclass-rke2/clusterclass.yaml b/templates/flavors/clusterclass-rke2/clusterclass.yaml index 51dc29cb251..23d20e0a361 100644 --- a/templates/flavors/clusterclass-rke2/clusterclass.yaml +++ b/templates/flavors/clusterclass-rke2/clusterclass.yaml @@ -5,7 +5,7 @@ metadata: spec: controlPlane: ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane machineInfrastructure: @@ -24,7 +24,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -72,7 +72,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -81,7 +81,7 @@ spec: - name: azureMachineTemplate definitions: - selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true diff --git a/templates/flavors/clusterclass-rke2/rke2-config-template.yaml b/templates/flavors/clusterclass-rke2/rke2-config-template.yaml index 5167ecf38da..b519fe67f2c 100644 --- a/templates/flavors/clusterclass-rke2/rke2-config-template.yaml +++ b/templates/flavors/clusterclass-rke2/rke2-config-template.yaml 
@@ -1,4 +1,4 @@ -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml b/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml index 3414bb06971..0864af660fe 100644 --- a/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml +++ b/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml @@ -1,4 +1,4 @@ -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane diff --git a/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml b/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml index 630287b07ac..4b065dd4eaf 100644 --- a/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml +++ b/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml index e09b4ce6ec1..6a4074ee823 100644 --- a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml +++ b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/ci/cluster-template-prow-azl3.yaml b/templates/test/ci/cluster-template-prow-azl3.yaml index 657277af397..546a10bc466 100644 --- a/templates/test/ci/cluster-template-prow-azl3.yaml +++ b/templates/test/ci/cluster-template-prow-azl3.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml b/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml index e326a3b2f55..8049287550a 100644 --- a/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml +++ b/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml @@ -54,7 +54,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml b/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml index 04a8517e750..8677a05e94e 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml @@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml index 0039a072291..67d4d46f7b8 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml 
@@ -56,15 +56,16 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true v: "4" etcd: local: @@ -74,7 +75,7 @@ spec: kubernetesVersion: ci/${CI_VERSION} scheduler: extraArgs: - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -207,7 +208,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -215,7 +216,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
@@ -447,7 +448,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml index 41e64f48556..00dd8db59be 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml @@ -70,7 +70,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml index d986830669b..9706c8e459c 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml @@ -74,6 +74,7 @@ spec: extraArgs: bind-address: '::' feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml index 72256e5624d..04292078e24 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml 
@@ -56,13 +56,17 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -70,6 +74,9 @@ spec: extraArgs: quota-backend-bytes: "8589934592" kubernetesVersion: ci/${CI_VERSION} + scheduler: + extraArgs: + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 diff --git a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml index 1a251c525c3..4b96a52ce2b 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml @@ -61,6 +61,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version.yaml b/templates/test/ci/cluster-template-prow-ci-version.yaml index 9e986c27d47..7b38f9ffbe8 100644 --- a/templates/test/ci/cluster-template-prow-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version.yaml @@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
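Review bot: In `cluster-template-prow-ci-version-md-and-mp.yaml` the API server takes its gates from `${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"}`, but the controller-manager and scheduler entries added in the same two hunks hard-code `AllAlpha=true,AllBeta=true`. A job that overrides `K8S_FEATURE_GATES` therefore ends up with control-plane components running different gate sets. Using the same expression in all three places keeps them aligned: `feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"}`. Because `runtime-config: api/all=true` combined with all alpha gates serves every alpha API, a comment such as `# CI only: enables all alpha/beta features and APIs` would warn anyone copying from this template. No kubelet gates are visible in these hunks, so whether nodes receive the same set cannot be told from here.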
diff --git a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml index a357a4360db..981a77f1139 100644 --- a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml +++ b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml @@ -11,7 +11,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-control-plane ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane infrastructure: @@ -34,7 +34,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -53,7 +53,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -273,7 +273,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -282,7 +282,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-worker --- -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane @@ -372,7 +372,7 @@ spec: diskSizeGB: 30 osType: Linux --- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/test/ci/cluster-template-prow-custom-vnet.yaml b/templates/test/ci/cluster-template-prow-custom-vnet.yaml index 2c8fca7738b..a52289998de 100644 
--- a/templates/test/ci/cluster-template-prow-custom-vnet.yaml +++ b/templates/test/ci/cluster-template-prow-custom-vnet.yaml @@ -62,7 +62,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml index edf4103d911..6e5313c160f 100644 --- a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml +++ b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
@@ -204,7 +205,37 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi 
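Review bot: The three upstream binaries are moved into /usr/bin and started without any integrity check, so a truncated or substituted download is noticed only if kubelet then fails to start. dl.k8s.io publishes a `.sha256` file next to each release binary; inside the download loop, fetch it with `curl --fail --location "$${DL_URL}.sha256" --output "$${DOWNLOAD_DIR}/$${BINARY}.sha256"` and verify with `echo "$$(cat "$${DOWNLOAD_DIR}/$${BINARY}.sha256")  $${DOWNLOAD_DIR}/$${BINARY}" | sha256sum --check -` before the `chmod +x`. A digest fetched from the same host guards against corruption rather than a compromised origin, so digests pinned in the template would be stronger where the version is known ahead of time. The same block is added in the two later hunks of this file (`@@ -453,7 +484,37 @@` and `@@ -817,7 +878,46 @@`). The script starts outside the hunk, so whether `errexit` is in effect when a download or check fails should be confirmed there.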
@@ -453,7 +484,37 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi 
@@ -817,7 +878,46 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + + # Clean up stale kubelet flags in /etc/sysconfig/kubelet. + # The gallery image may ship flags removed in newer k8s versions + # (e.g. --pod-infra-container-image was removed in v1.35). 
+ if [ -f /etc/sysconfig/kubelet ]; then + echo "Sanitizing /etc/sysconfig/kubelet for $${TARGET_VERSION}" + sed -i 's/--pod-infra-container-image=[^ ]*//g' /etc/sysconfig/kubelet + fi + + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/cluster-template-prow-dual-stack.yaml b/templates/test/ci/cluster-template-prow-dual-stack.yaml index 924c5e996d2..c5ff22dff7c 100644 --- a/templates/test/ci/cluster-template-prow-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-dual-stack.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-edgezone.yaml b/templates/test/ci/cluster-template-prow-edgezone.yaml index e5257557ee1..0ec49cc56be 100644 --- a/templates/test/ci/cluster-template-prow-edgezone.yaml +++ b/templates/test/ci/cluster-template-prow-edgezone.yaml @@ -58,7 +58,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml index f9814e761b3..a764db0d693 100644 --- a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml +++ b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml 
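Review bot: In the third cluster-template-prow-dalec-custom-builds.yaml hunk (`@@ -817,7 +878,46 @@`), the `sed -i` that strips `--pod-infra-container-image` from /etc/sysconfig/kubelet runs for every `TARGET_VERSION`, although the comment above it gives the flag's removal in v1.35 as the reason. If this template is also used with older versions, either gate the edit on the version or extend the comment to say the unconditional removal is intended, for example `# removed unconditionally; older kubelets run without it`. The script begins outside the hunk, so how `VERSION` is set cannot be checked from here.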
@@ -258,7 +258,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ipv6.yaml b/templates/test/ci/cluster-template-prow-ipv6.yaml index afbfd871215..8f05a437d0b 100644 --- a/templates/test/ci/cluster-template-prow-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ipv6.yaml @@ -69,6 +69,7 @@ spec: apiServer: extraArgs: bind-address: '::' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml new file mode 100644 index 00000000000..a038da074d8 --- /dev/null +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml 
@@ -0,0 +1,636 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure} + cni: calico + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + additionalTags: + buildProvenance: ${BUILD_PROVENANCE} + creationTimestamp: ${TIMESTAMP} + jobName: ${JOB_NAME} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + v: "4" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + kubernetesVersion: ci/${CI_VERSION} + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + 
label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # Run the az login command with managed identity + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + echo "Use OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + else + echo "Using curl to download the OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo 
/var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + fi + owner: root:root + path: /tmp/oot-cred-provider.sh + permissions: "0744" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # This test installs release packages or binaries that are a result of the CI and release builds. + # It runs '... --version' commands to verify that the binaries are correctly installed + # and finally uninstalls the packages. + # For the release packages it tests all versions in the support skew. + LINE_SEPARATOR="*************************************************" + echo "$${LINE_SEPARATOR}" + CI_VERSION=${CI_VERSION} + + # Note: We assume if kubectl has the right version, everything else has as well + if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then + echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" + exit 0 + fi + if [[ "$${CI_VERSION}" != "" ]]; then + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" + # Set CI_URL to the released binaries for actually released versions. 
+ if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then + CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + fi + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev + # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl + echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" + wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done + + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io + fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done + fi + echo "* checking binary versions" + echo "ctr version: " "$(ctr version)" + echo "kubeadm version: " "$(kubeadm version -o=short)" + echo "kubectl version: " "$(kubectl version --client=true)" + echo "kubelet version: " "$(kubelet --version)" + echo "$${LINE_SEPARATOR}" + 
owner: root:root + path: /tmp/kubeadm-bootstrap.sh + permissions: "0744" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - bash -c /tmp/oot-cred-provider.sh + - bash -c /tmp/kubeadm-bootstrap.sh + verbosity: 5 + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + identity: UserAssigned + image: + computeGallery: + gallery: ClusterAPI-f72ceb4f-5159-4c26-a0fe-2ea738f0d019 + name: capi-ubun2-2404 + version: latest + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + userAssignedIdentities: + - providerID: azure:///subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + 
clusterName: ${CLUSTER_NAME} + failureDomains: + - "1" + - "2" + - "3" + replicas: ${WORKER_MACHINE_COUNT:=2} + template: + metadata: + labels: + nodepool: pool1 + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + identity: UserAssigned + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + image: + computeGallery: + gallery: ClusterAPI-f72ceb4f-5159-4c26-a0fe-2ea738f0d019 + name: capi-ubun2-2404 + version: latest + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmExtensions: + - name: CustomScript + protectedSettings: + commandToExecute: | + #!/bin/sh + echo "This script is a no-op used for extension testing purposes ..." 
+ touch test_file + publisher: Microsoft.Azure.Extensions + version: "2.1" + vmSize: ${AZURE_NODE_MACHINE_TYPE} + userAssignedIdentities: + - providerID: azure:///subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # Run the az login command with managed identity + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + echo "Use OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + else + echo "Using curl to download the OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" + chmod 755 
/var/lib/kubelet/credential-provider/acr-credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + fi + owner: root:root + path: /tmp/oot-cred-provider.sh + permissions: "0744" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # This test installs release packages or binaries that are a result of the CI and release builds. + # It runs '... --version' commands to verify that the binaries are correctly installed + # and finally uninstalls the packages. + # For the release packages it tests all versions in the support skew. + LINE_SEPARATOR="*************************************************" + echo "$${LINE_SEPARATOR}" + CI_VERSION=${CI_VERSION} + + # Note: We assume if kubectl has the right version, everything else has as well + if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then + echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" + exit 0 + fi + if [[ "$${CI_VERSION}" != "" ]]; then + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" + # Set CI_URL to the released binaries for actually released versions. 
+ if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then + CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + fi + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev + # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl + echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" + wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done + + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io + fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done + fi + echo "* checking binary versions" + echo "ctr version: " "$(ctr version)" + echo "kubeadm version: " "$(kubeadm version -o=short)" + echo "kubectl version: " "$(kubectl version --client=true)" + echo "kubelet version: " "$(kubelet --version)" + echo "$${LINE_SEPARATOR}" + 
owner: root:root + path: /tmp/kubeadm-bootstrap.sh + permissions: "0744" + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: + - bash -c /tmp/oot-cred-provider.sh + - bash -c /tmp/kubeadm-bootstrap.sh +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY} + tenantID: ${AZURE_TENANT_ID} + type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineHealthCheck +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + maxUnhealthy: 100% + selector: + matchLabels: + cluster.x-k8s.io/control-plane: "" + unhealthyConditions: + - status: Unknown + timeout: 300s + type: Ready + - status: "False" + timeout: 300s + type: Ready +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineHealthCheck +metadata: + name: ${CLUSTER_NAME}-mhc-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + maxUnhealthy: 100% + selector: + matchLabels: + nodepool: pool1 + unhealthyConditions: + - status: "True" + timeout: 30s + type: E2ENodeUnhealthy +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: calico + namespace: default +spec: + chartName: tigera-operator + clusterSelector: + matchLabels: + cni: calico + namespace: tigera-operator + releaseName: projectcalico + repoURL: 
https://docs.tigera.io/calico/charts + valuesTemplate: | + installation: + cni: + type: Calico + ipam: + type: Calico + calicoNetwork: + bgp: Disabled + windowsDataplane: HNS + mtu: 1350 + ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }} + - cidr: {{ $cidr }} + encapsulation: VXLAN{{end}} + typhaDeployment: + spec: + template: + spec: + # By default, typha tolerates all NoSchedule taints. This breaks + # scale-ins when it continuously gets scheduled onto an + # out-of-date Node that is being deleted. Tolerate only the + # NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + preference: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + registry: capzcicommunity.azurecr.io + serviceCIDRs: + - 10.96.0.0/12 # must match cluster service CIDR (this is the default) + # Image and registry configuration for the tigera/operator pod + tigeraOperator: + image: tigera/operator + registry: capzcicommunity.azurecr.io + calicoctl: + image: capzcicommunity.azurecr.io/calico/ctl + # when kubernetesServiceEndpoint (required for windows) is added + # DNS configuration is needed to look up the api server name properly + # https://github.com/projectcalico/calico/issues/9536 + dnsConfig: + nameservers: + - 127.0.0.53 + options: + - name: edns0 + - name: trust-ad + kubernetesServiceEndpoint: + host: "{{ .Cluster.spec.controlPlaneEndpoint.host }}" + port: "{{ .Cluster.spec.controlPlaneEndpoint.port }}" + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. 
+ tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + version: ${CALICO_VERSION} +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: azuredisk-csi-driver-chart + namespace: default +spec: + chartName: azuredisk-csi-driver + clusterSelector: + matchLabels: + azuredisk-csi: "true" + namespace: kube-system + releaseName: azuredisk-csi-driver-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts + valuesTemplate: |- + controller: + replicas: 1 + runOnControlPlane: true + windows: + useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }} +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: cloud-provider-azure-chart + namespace: default +spec: + chartName: cloud-provider-azure + clusterSelector: + matchLabels: + cloud-provider: azure + releaseName: cloud-provider-azure-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo + valuesTemplate: | + infra: + clusterName: {{ .Cluster.metadata.name }} + cloudControllerManager: + clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} + logVerbosity: 4 +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: cloud-provider-azure-chart-ci + namespace: default +spec: + chartName: cloud-provider-azure + clusterSelector: + matchLabels: + cloud-provider: azure-ci + releaseName: cloud-provider-azure-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo + valuesTemplate: | + infra: + clusterName: {{ .Cluster.metadata.name }} + cloudControllerManager: + cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"} + cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""} + clusterCIDR: 
{{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} + imageName: "${CCM_IMAGE_NAME:-""}" + imageRepository: "${IMAGE_REGISTRY:-""}" + imageTag: "${IMAGE_TAG_CCM:-""}" + logVerbosity: ${CCM_LOG_VERBOSITY:-4} + replicas: ${CCM_COUNT:-1} + enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false} + cloudNodeManager: + imageName: "${CNM_IMAGE_NAME:-""}" + imageRepository: "${IMAGE_REGISTRY:-""}" + imageTag: "${IMAGE_TAG_CNM:-""}" diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml index 04c83f93058..5a9a9863202 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml index 1f9656aa900..2e1e4cdbe9a 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml index 17f149e8b47..6b0339f65fc 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml 
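Review bot: In the new cluster-template-prow-machine-pool-ci-version-multi-zone.yaml, the `else` branch of /tmp/oot-cred-provider.sh (in both the KubeadmControlPlane and the KubeadmConfig) calls `curl` without `--fail`, so an HTTP error response from the storage account is saved as /var/lib/kubelet/credential-provider/acr-credential-provider and made executable, and `errexit` never triggers because curl exits 0. Adding the flag, `curl --fail --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo ...`, matches the `curl --fail --location` calls this commit adds to the dalec template. The kubeadm-bootstrap.sh script in the same file likewise installs the `wget`-downloaded kubectl, kubelet and kubeadm into /usr/bin without comparing them to a published digest.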
@@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml index fad34c0b614..a8427086498 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool.yaml b/templates/test/ci/cluster-template-prow-machine-pool.yaml index 27d34935e6f..3b9d4ebad18 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml index 224efd3d617..52e657482de 100644 --- a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml +++ b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml @@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/ci/cluster-template-prow-private.yaml b/templates/test/ci/cluster-template-prow-private.yaml index 26910fdcb43..33a58fa267e 100644 --- a/templates/test/ci/cluster-template-prow-private.yaml +++ b/templates/test/ci/cluster-template-prow-private.yaml @@ -86,7 +86,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-spot.yaml b/templates/test/ci/cluster-template-prow-spot.yaml index 32ca12e3ba0..f6976ac39d9 100644 --- a/templates/test/ci/cluster-template-prow-spot.yaml +++ b/templates/test/ci/cluster-template-prow-spot.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-windows.yaml b/templates/test/ci/cluster-template-prow-windows.yaml index 85d8e32f4bb..a0421bda001 100644 --- a/templates/test/ci/cluster-template-prow-windows.yaml +++ b/templates/test/ci/cluster-template-prow-windows.yaml @@ -60,6 +60,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow.yaml b/templates/test/ci/cluster-template-prow.yaml index 80f8824828c..ce770c1b069 100644 --- a/templates/test/ci/cluster-template-prow.yaml +++ b/templates/test/ci/cluster-template-prow.yaml 
@@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml b/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml new file mode 100644 index 00000000000..f5bfc443c9f --- /dev/null +++ b/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml @@ -0,0 +1,12 @@ +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/feature-gates + value: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/runtime-config + value: api/all=true +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/feature-gates + value: AllAlpha=true,AllBeta=true +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler/extraArgs/feature-gates + value: AllAlpha=true,AllBeta=true diff --git a/templates/test/ci/patches/dra-kubeadmconfig.yaml b/templates/test/ci/patches/dra-kubeadmconfig.yaml index ba40ff24700..e8d45809452 100644 --- a/templates/test/ci/patches/dra-kubeadmconfig.yaml +++ b/templates/test/ci/patches/dra-kubeadmconfig.yaml @@ -15,4 +15,4 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} diff --git a/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml b/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml index cbb1a5b6d6c..3d3f8cbf73f 100644 --- a/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml 
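Review bot: Only the apiServer `feature-gates` op in alpha-beta-feature-gates-kubeadmcontrolplane.yaml honours `K8S_FEATURE_GATES`. The controllerManager and scheduler ops are hard-coded to `AllAlpha=true,AllBeta=true`, so an override leaves the three components running different gate sets. Either use `value: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"}` on all three ops, or add a comment saying the split is deliberate. Combined with `runtime-config: api/all=true` the patch turns on every alpha API and gate, so a header comment such as `# CI only: enables all alpha/beta gates and APIs; do not reuse outside test flavors` would stop it being copied into a non-test template.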
+++ b/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml @@ -15,4 +15,4 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/template/spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} diff --git a/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml b/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml index 7fe84606479..5f2352ad435 100644 --- a/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml +++ b/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml 
@@ -15,19 +15,19 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/feature-gates - value: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/runtime-config value: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler/extraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/initConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diff --git a/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml b/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml index 6e5dfc7604a..de1db3ff204 100644 --- a/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml +++ b/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml 
@@ -4,7 +4,17 @@ namespace: default resources: - ../prow-ci-version - ../../../flavors/machinepool/machine-pool-deployment.yaml -patches: +patches: +- patch: |- + - op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler + value: + extraArgs: {} + target: + kind: KubeadmControlPlane +- path: ../patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml + target: + kind: KubeadmControlPlane - path: ../prow-machine-pool-ci-version/patches/kubeadm-bootstrap-k8s-ci-binaries.yaml target: group: bootstrap.cluster.x-k8s.io diff --git a/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml b/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml index bbb1ffa37bf..f1ab02677b5 100644 --- a/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml +++ b/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml @@ -15,7 +15,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -27,7 +27,7 @@ spec: - name: controlPlaneAzureJsonSecretName definitions: - selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -46,7 +46,7 @@ spec: - name: workerAzureJsonSecretName definitions: - selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: diff --git a/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml b/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml index 182f3275be5..e66d1ab5f81 100644 --- a/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml +++ b/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml 
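Review bot: The inline `op: add` on `/spec/kubeadmConfigSpec/clusterConfiguration/scheduler` in prow-ci-version-md-and-mp/kustomization.yaml overwrites the whole `scheduler` object if the base already defines one, because a JSON Patch `add` on an existing member replaces its value. That is harmless only while `../prow-ci-version` has no scheduler section, which is not visible in this hunk. A comment above the patch, `# creates the parent for the feature-gates ops below; base must not define scheduler`, would record the assumption. It should also say that this entry has to stay ahead of `../patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml` in the list.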
@@ -1,4 +1,4 @@ -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml index 93a552ccf3c..37ab535586d 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml +++ b/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml 
@@ -110,7 +110,46 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + + # Clean up stale kubelet flags in /etc/sysconfig/kubelet. + # The gallery image may ship flags removed in newer k8s versions + # (e.g. --pod-infra-container-image was removed in v1.35). 
+ if [ -f /etc/sysconfig/kubelet ]; then + echo "Sanitizing /etc/sysconfig/kubelet for $${TARGET_VERSION}" + sed -i 's/--pod-infra-container-image=[^ ]*//g' /etc/sysconfig/kubelet + fi + + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml index f636c822e73..96b020d347f 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml +++ b/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml 
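Review bot: The three upstream binaries in azl3-machine-deployment.yaml are made executable and moved into `/usr/bin` without any integrity check; `curl --fail` only proves that the HTTP request succeeded. dl.k8s.io serves a `.sha256` file beside each release binary, so inside the download loop fetch `"$${DL_URL}.sha256"` to `"$${DOWNLOAD_DIR}/$${BINARY}.sha256"` and gate the later `mv` on `echo "$$(cat "$${DOWNLOAD_DIR}/$${BINARY}.sha256")  $${DOWNLOAD_DIR}/$${BINARY}" | sha256sum --check`. A same-origin checksum catches truncated or corrupted downloads, not a tampered origin. The "All downloads succeeded" comment also holds only if the script runs with errexit, which would be set outside this hunk. The same block is added in control-plane-custom-builds.yaml and kubeadm-bootstrap-custom-builds.yaml.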
@@ -25,7 +25,37 @@ [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml index d869355c52d..77850b73921 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml 
+++ b/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml @@ -25,7 +25,37 @@ [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml new file mode 100644 index 00000000000..5f6b93039b7 --- /dev/null 
+++ b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: +- ../prow-machine-pool-ci-version +patches: +- path: patches/machine-pool-multi-zone.yaml + +sortOptions: + order: fifo diff --git a/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml new file mode 100644 index 00000000000..f134e2009a2 --- /dev/null +++ b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml @@ -0,0 +1,10 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: "${CLUSTER_NAME}-mp-0" + namespace: default +spec: + failureDomains: + - "1" + - "2" + - "3" diff --git a/templates/test/dev/cluster-template-custom-builds-dra.yaml b/templates/test/dev/cluster-template-custom-builds-dra.yaml index 485f2896271..966ab36723d 100644 --- a/templates/test/dev/cluster-template-custom-builds-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-dra.yaml @@ -58,15 +58,16 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true v: "4" etcd: local: 
@@ -76,7 +77,7 @@ spec: kubernetesVersion: ci/${CI_VERSION} scheduler: extraArgs: - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -207,7 +208,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -215,7 +216,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -399,7 +400,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml index 6b96986e383..d5a41ef5c9b 100644 --- a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml 
@@ -61,15 +61,16 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true kube-api-burst: "150" kube-api-qps: "75" v: "4" @@ -83,7 +84,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 
@@ -153,47 +154,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" @@ -216,7 +215,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
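Review bot: In cluster-template-custom-builds-load-dra.yaml each binary is fetched from the `${AZURE_STORAGE_ACCOUNT}` blob container and moved straight into `/usr/bin` with no checksum comparison, and a failed `az login --identity` falls back to an anonymous `curl` while logging "az CLI not available". Report the real cause, `echo "az login --identity failed, falling back to anonymous curl"`, and stage all three downloads before the first `mv` (as the dalec patches in this commit do) so a failed download cannot leave mixed versions behind with kubelet already stopped. The image loop's log line names `kube-apiserver` for every image; it should read `echo "* downloading container image: ${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}"`. The same hunk appears in cluster-template-custom-builds-load.yaml; if these templates are generated, the fix belongs in their kustomize source.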
@@ -224,7 +223,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -453,7 +452,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -1063,7 +1062,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml register-with-taints: monitoring:NoSchedule diff --git a/templates/test/dev/cluster-template-custom-builds-load.yaml b/templates/test/dev/cluster-template-custom-builds-load.yaml index 830b1d3dd93..b473a7c5919 100644 --- a/templates/test/dev/cluster-template-custom-builds-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load.yaml 
@@ -60,13 +60,17 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -78,6 +82,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 
@@ -147,47 +152,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml index 25fe9de7b08..173947d0133 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml 
@@ -60,15 +60,16 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true kube-api-burst: "150" kube-api-qps: "75" v: "4" @@ -82,7 +83,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -213,7 +214,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -221,7 +222,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
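Review bot: The longer gate list can be overridden for `apiServer` through `${K8S_FEATURE_GATES:-…}`, but the `controllerManager` line in this hunk is a literal, as are the `feature-gates` lines in the `@@ -82,7 +83,7 @@`, `@@ -213,7 +214,7 @@` and `@@ -221,7 +222,7 @@` hunks. Setting `K8S_FEATURE_GATES` therefore changes the API server only and leaves the other components on the built-in list. Using the same expression on the control-plane literals keeps them in step: `feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"}`. The kubelet literals could take `NODE_FEATURE_GATES` the way the `@@ -409,7 +410,7 @@` hunk does. `cluster-template-custom-builds.yaml` repeats the split with `AllAlpha=true,AllBeta=true`; if these templates are rendered from a kustomize base, the change belongs in that base.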
@@ -409,7 +410,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -789,7 +790,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml register-with-taints: monitoring:NoSchedule diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml index 92b7f17d40d..e5180f6fe27 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml index 86d77991eea..41c15da2df1 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml 
@@ -61,7 +61,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml index 1145808676e..eeda131aa8d 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml @@ -57,7 +57,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-windows.yaml b/templates/test/dev/cluster-template-custom-builds-windows.yaml index 6e4b0ccb6ac..e28ea93d3f8 100644 --- a/templates/test/dev/cluster-template-custom-builds-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-windows.yaml @@ -63,6 +63,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml index b84b162195e..8d7721f8de8 100644 --- a/templates/test/dev/cluster-template-custom-builds.yaml +++ b/templates/test/dev/cluster-template-custom-builds.yaml 
@@ -58,13 +58,17 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -72,6 +76,9 @@ spec: extraArgs: quota-backend-bytes: "8589934592" kubernetesVersion: ci/${CI_VERSION} + scheduler: + extraArgs: + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 
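Review bot: The new `apiServer.extraArgs` enable every alpha and beta gate plus `runtime-config: api/all=true` by default, where the old side had `extraArgs: {}`, and nothing in the template records that this is deliberate. A comment above `feature-gates` would stop the block being copied into a longer-lived cluster, for example `# CI-only: all alpha/beta gates and API versions are enabled to exercise ci/${CI_VERSION} builds`. The same comment fits the `scheduler` block added in the `@@ -72,6 +76,9 @@` hunk.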
@@ -141,47 +148,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/templates/test/dev/custom-builds/kustomization.yaml b/templates/test/dev/custom-builds/kustomization.yaml index 7ce7e16d920..45b4e5e323f 100644 --- a/templates/test/dev/custom-builds/kustomization.yaml +++ b/templates/test/dev/custom-builds/kustomization.yaml 
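Review bot: Nothing verifies the downloaded `kubectl`, `kubelet` and `kubeadm` before `chmod +x` and the `mv` into `/usr/bin`, and the `curl` fallback fetches them without credentials. The binaries are therefore only as trustworthy as write access to `${AZURE_BLOB_CONTAINER_NAME}`, whereas the removed `wget` path read from `dl.k8s.io`. Compare each file with a SHA-256 supplied from outside the container (for instance a template variable filled in by the build job) and stop on mismatch before the `mv`, e.g. `echo "<EXPECTED_SHA256_PLACEHOLDER>  $${CI_DIR}/$${CI_PACKAGE}" | sha256sum -c - || exit 1`. `ctr images pull` by `${KUBE_IMAGE_TAG}` has the same gap; pulling by digest would close it. The same script is in `custom-builds/patches/kubeadm-controlplane-bootstrap.yaml` and in the hunk that ends just above this file section, so the fix probably belongs in the patch this template appears to be rendered from.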
@@ -5,6 +5,16 @@ resources: - ../../../test/ci/prow - ../../../addons/metrics-server/metrics-server-resource-set.yaml patches: +- patch: |- + - op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler + value: + extraArgs: {} + target: + kind: KubeadmControlPlane +- path: ../../../test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml + target: + kind: KubeadmControlPlane - path: ../../../test/ci/prow-ci-version/patches/oot-credential-provider.yaml target: group: bootstrap.cluster.x-k8s.io diff --git a/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml b/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml index 2605fa01dba..0395ff5bb67 100644 --- a/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml +++ b/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml 
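Review bot: The inline JSON patch uses `op: add` on `/spec/kubeadmConfigSpec/clusterConfiguration/scheduler`, which replaces the whole `scheduler` object if a base under `../../../test/ci/prow` ever defines one. It also appears to work only because it is listed before `alpha-beta-feature-gates-kubeadmcontrolplane.yaml`, and neither constraint is written down. A comment above the entry would record the ordering, for example `# creates scheduler.extraArgs so the feature-gates patch below has a path to add to; keep this entry first`. That the second patch needs the path to exist is inferred from the order, since its content is not in this diff.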
@@ -17,47 +17,45 @@ echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/test/e2e/aks_maintenance_configuration.go b/test/e2e/aks_maintenance_configuration.go new file mode 100644 index 00000000000..b562e5a4c9b --- /dev/null +++ b/test/e2e/aks_maintenance_configuration.go 
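Review bot: The `else` branch prints `az CLI not available` for every failure of `az login --identity`, including a node with no managed identity assigned, and with stderr sent to `/dev/null` the boot log cannot tell these cases apart before the script drops to the anonymous `curl` path. Keep the login error, e.g. `if AZ_ERR=$(az login --identity 2>&1 >/dev/null); then`, and include `$${AZ_ERR}` in the fallback message. In the image loop the `echo` names `kube-apiserver` on every iteration; it should read `echo "* downloading container image: ${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}"`. `CONTAINER_EXT` is still assigned but nothing on the new side of this hunk reads it, so it can probably go. The `cluster-template-custom-builds*.yaml` hunks earlier in the diff carry the same lines.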
@@ -0,0 +1,252 @@ +//go:build e2e +// +build e2e + +/* +Copyright 2026 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "context" + "encoding/json" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4" + asocontainerservicev1mc "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901" + asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" + asoannotations "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" + "github.com/Azure/azure-service-operator/v2/pkg/genruntime" + asoconditions "github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions" + . "github.com/onsi/ginkgo/v2" + . 
"github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" + "sigs.k8s.io/controller-runtime/pkg/client" + + infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + "sigs.k8s.io/cluster-api-provider-azure/azure" +) + +type AKSMaintenanceConfigurationSpecInput struct { + Cluster *clusterv1.Cluster + WaitForUpdate []interface{} +} + +func AKSMaintenanceConfigurationSpec(ctx context.Context, inputGetter func() AKSMaintenanceConfigurationSpecInput) { + input := inputGetter() + + cred, err := azidentity.NewDefaultAzureCredential(nil) + Expect(err).NotTo(HaveOccurred()) + + mcClient, err := armcontainerservice.NewMaintenanceConfigurationsClient(getSubscriptionID(Default), cred, nil) + Expect(err).NotTo(HaveOccurred()) + + mgmtClient := bootstrapClusterProxy.GetClient() + Expect(mgmtClient).NotTo(BeNil()) + + namespace := input.Cluster.Namespace + managedClusterName := input.Cluster.Spec.ControlPlaneRef.Name + + By("Discovering the AKS resource group from the AzureASOManagedCluster") + asoCluster := &infrav1.AzureASOManagedCluster{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: input.Cluster.Spec.InfrastructureRef.Name}, asoCluster)).To(Succeed()) + var resourceGroup string + for _, raw := range asoCluster.Spec.Resources { + u := &unstructured.Unstructured{} + Expect(u.UnmarshalJSON(raw.Raw)).To(Succeed()) + if u.GroupVersionKind().Kind != "ResourceGroup" { + continue + } + rg := &asoresourcesv1.ResourceGroup{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: u.GetName()}, rg)).To(Succeed()) + resourceGroup = rg.AzureName() + break + } + Expect(resourceGroup).NotTo(BeEmpty()) + + infraControlPlane := &infrav1.AzureASOManagedControlPlane{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: managedClusterName}, 
infraControlPlane)).To(Succeed()) + originalResources := append([]runtime.RawExtension(nil), infraControlPlane.Spec.Resources...) + + var credentialFrom string + for _, raw := range originalResources { + u := &unstructured.Unstructured{} + Expect(u.UnmarshalJSON(raw.Raw)).To(Succeed()) + if u.GroupVersionKind().Kind == "ManagedCluster" { + credentialFrom = u.GetAnnotations()[asoannotations.PerResourceSecret] + break + } + } + + newMC := func(name, azureName string, spec asocontainerservicev1mc.MaintenanceConfiguration_Spec) *asocontainerservicev1mc.MaintenanceConfiguration { + spec.AzureName = azureName + spec.Owner = &genruntime.KnownResourceReference{Name: managedClusterName} + mc := &asocontainerservicev1mc.MaintenanceConfiguration{ + TypeMeta: metav1.TypeMeta{ + APIVersion: asocontainerservicev1mc.GroupVersion.String(), + Kind: "MaintenanceConfiguration", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: input.Cluster.Name + "-" + name, + }, + Spec: spec, + } + if credentialFrom != "" { + mc.Annotations = map[string]string{asoannotations.PerResourceSecret: credentialFrom} + } + return mc + } + + weekly := func(day asocontainerservicev1mc.WeekDay) *asocontainerservicev1mc.MaintenanceWindow { + return &asocontainerservicev1mc.MaintenanceWindow{ + DurationHours: ptr.To(4), + UtcOffset: ptr.To("-05:00"), + StartTime: ptr.To("02:00"), + Schedule: &asocontainerservicev1mc.Schedule{ + Weekly: &asocontainerservicev1mc.WeeklySchedule{ + IntervalWeeks: ptr.To(1), + DayOfWeek: ptr.To(day), + }, + }, + } + } + + defaultMC := newMC("mc-default", "default", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + TimeInWeek: []asocontainerservicev1mc.TimeInWeek{{ + Day: ptr.To(asocontainerservicev1mc.WeekDay_Sunday), + HourSlots: []asocontainerservicev1mc.HourInDay{0, 1, 2, 3}, + }}, + }) + autoUpgradeMC := newMC("mc-auto-upgrade", "aksManagedAutoUpgradeSchedule", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + MaintenanceWindow: 
weekly(asocontainerservicev1mc.WeekDay_Sunday), + }) + nodeOSMC := newMC("mc-node-os-upgrade", "aksManagedNodeOSUpgradeSchedule", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + MaintenanceWindow: weekly(asocontainerservicev1mc.WeekDay_Sunday), + }) + + setMCs := func(mcs ...*asocontainerservicev1mc.MaintenanceConfiguration) { + Eventually(func(g Gomega) { + g.Expect(mgmtClient.Get(ctx, client.ObjectKeyFromObject(infraControlPlane), infraControlPlane)).To(Succeed()) + resources := append([]runtime.RawExtension(nil), originalResources...) + for _, mc := range mcs { + bs, err := json.Marshal(mc) + g.Expect(err).NotTo(HaveOccurred()) + resources = append(resources, runtime.RawExtension{Raw: bs}) + } + infraControlPlane.Spec.Resources = resources + g.Expect(mgmtClient.Update(ctx, infraControlPlane)).To(Succeed()) + }, input.WaitForUpdate...).Should(Succeed()) + } + + isReady := func(c asoconditions.Conditioner) bool { + conds := c.GetConditions() + if i, ok := conds.FindIndexByType(asoconditions.ConditionTypeReady); ok { + return conds[i].Status == metav1.ConditionTrue + } + return false + } + + By("Appending three MaintenanceConfigurations to the AzureASOManagedControlPlane") + setMCs(defaultMC, autoUpgradeMC, nodeOSMC) + + By("Waiting for each ASO MaintenanceConfiguration to reach Ready=True") + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{defaultMC, autoUpgradeMC, nodeOSMC} { + Eventually(func(g Gomega) { + got := &asocontainerservicev1mc.MaintenanceConfiguration{} + g.Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: mc.Name}, got)).To(Succeed()) + g.Expect(isReady(got)).To(BeTrue(), "expected ASO MaintenanceConfiguration %q to be Ready", mc.Name) + }, input.WaitForUpdate...).Should(Succeed()) + } + + By("Verifying the default MaintenanceConfiguration in Azure") + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, defaultMC.Spec.AzureName, nil) + 
g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties).NotTo(BeNil()) + expected := defaultMC.Spec.TimeInWeek + g.Expect(resp.Properties.TimeInWeek).To(HaveLen(len(expected))) + for i, want := range expected { + g.Expect(resp.Properties.TimeInWeek[i].Day).To(HaveValue(BeEquivalentTo(*want.Day))) + gotHours := make([]int32, 0, len(resp.Properties.TimeInWeek[i].HourSlots)) + for _, h := range resp.Properties.TimeInWeek[i].HourSlots { + gotHours = append(gotHours, *h) + } + wantHours := make([]int32, 0, len(want.HourSlots)) + for _, h := range want.HourSlots { + wantHours = append(wantHours, int32(h)) + } + g.Expect(gotHours).To(ConsistOf(wantHours)) + } + }, input.WaitForUpdate...).Should(Succeed()) + + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{autoUpgradeMC, nodeOSMC} { + Byf("Verifying the %s MaintenanceConfiguration in Azure", mc.Spec.AzureName) + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, mc.Spec.AzureName, nil) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow).NotTo(BeNil()) + want := mc.Spec.MaintenanceWindow + g.Expect(resp.Properties.MaintenanceWindow.DurationHours).To(HaveValue(BeEquivalentTo(*want.DurationHours))) + g.Expect(resp.Properties.MaintenanceWindow.UTCOffset).To(HaveValue(Equal(*want.UtcOffset))) + g.Expect(resp.Properties.MaintenanceWindow.StartTime).To(HaveValue(Equal(*want.StartTime))) + g.Expect(resp.Properties.MaintenanceWindow.Schedule).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.IntervalWeeks).To(HaveValue(BeEquivalentTo(*want.Schedule.Weekly.IntervalWeeks))) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek).To(HaveValue(BeEquivalentTo(*want.Schedule.Weekly.DayOfWeek))) + }, input.WaitForUpdate...).Should(Succeed()) + } + + By("Updating the 
node-OS upgrade schedule from Sunday to Saturday") + nodeOSMC.Spec.MaintenanceWindow.Schedule.Weekly.DayOfWeek = ptr.To(asocontainerservicev1mc.WeekDay_Saturday) + setMCs(defaultMC, autoUpgradeMC, nodeOSMC) + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, nodeOSMC.Spec.AzureName, nil) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek).To(HaveValue(BeEquivalentTo(*nodeOSMC.Spec.MaintenanceWindow.Schedule.Weekly.DayOfWeek))) + }, input.WaitForUpdate...).Should(Succeed()) + + By("Listing all maintenance configurations on the managed cluster") + Eventually(func(g Gomega) { + pager := mcClient.NewListByManagedClusterPager(resourceGroup, managedClusterName, nil) + seen := map[string]bool{} + for pager.More() { + page, err := pager.NextPage(ctx) + g.Expect(err).NotTo(HaveOccurred()) + for _, item := range page.Value { + if item != nil && item.Name != nil { + seen[*item.Name] = true + } + } + } + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{defaultMC, autoUpgradeMC, nodeOSMC} { + g.Expect(seen).To(HaveKey(mc.Spec.AzureName)) + } + }, input.WaitForUpdate...).Should(Succeed()) + + By("Removing the default MaintenanceConfiguration from spec.resources") + setMCs(autoUpgradeMC, nodeOSMC) + Eventually(func(g Gomega) { + _, err := mcClient.Get(ctx, resourceGroup, managedClusterName, defaultMC.Spec.AzureName, nil) + g.Expect(azure.ResourceNotFound(err)).To(BeTrue(), "expected MaintenanceConfiguration %q to be deleted from Azure, got err=%v", defaultMC.Spec.AzureName, err) + }, input.WaitForUpdate...).Should(Succeed()) + + By("Restoring the original spec.resources") + setMCs() +} diff --git a/test/e2e/aks_patches.go b/test/e2e/aks_patches.go index dcd1d75b502..2357d854817 100644 --- a/test/e2e/aks_patches.go +++ b/test/e2e/aks_patches.go 
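Review bot: The check after "Updating the node-OS upgrade schedule from Sunday to Saturday" dereferences `resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek` without the `NotTo(BeNil())` expectations that the per-configuration loop above applies to `Properties`, `MaintenanceWindow`, `Schedule` and `Weekly`. A partially populated response would hit a nil pointer inside the `Eventually` callback instead of failing an assertion that can be retried, so repeat those four expectations before the `DayOfWeek` comparison. The final `setMCs()` that restores `spec.resources` only runs when every earlier step passes; registering it once `setMCs` is defined, e.g. `DeferCleanup(func() { setMCs() })`, would restore the control plane after a failure too. The exported `AKSMaintenanceConfigurationSpecInput` and `AKSMaintenanceConfigurationSpec` also lack doc comments.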
@@ -26,7 +26,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/e2e/azure_clusterproxy.go b/test/e2e/azure_clusterproxy.go index 3aae66ffa85..c5eee4fc20e 100644 --- a/test/e2e/azure_clusterproxy.go +++ b/test/e2e/azure_clusterproxy.go @@ -35,7 +35,8 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" + asocontainerservicev1mc "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901" asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -78,6 +79,7 @@ func initScheme() *runtime.Scheme { Expect(asoresourcesv1.AddToScheme(scheme)).To(Succeed()) Expect(asocontainerservicev1.AddToScheme(scheme)).To(Succeed()) Expect(asocontainerservicev1preview.AddToScheme(scheme)).To(Succeed()) + Expect(asocontainerservicev1mc.AddToScheme(scheme)).To(Succeed()) return scheme } 
@@ -190,7 +192,14 @@ func (acp *AzureClusterProxy) collectNodes(ctx context.Context, namespace string workload := acp.GetWorkloadCluster(ctx, namespace, name) nodes := &corev1.NodeList{} - Expect(workload.GetClient().List(ctx, nodes)).To(Succeed()) + // Failing to collect node logs should not cause the test to fail. The workload cluster + // API server may be unreachable during teardown (for example due to a transient Azure + // load balancer / DNS issue), and we should not turn an otherwise-successful spec into + // a failure during [AfterEach] log collection. + if err := workload.GetClient().List(ctx, nodes); err != nil { + Logf("Failed to list nodes for workload cluster %s/%s: %v", namespace, name, err) + return + } var err error var nodeDescribe string diff --git a/test/e2e/azure_kuberay.go b/test/e2e/azure_kuberay.go index 8e5041b3114..55aec621646 100644 --- a/test/e2e/azure_kuberay.go +++ b/test/e2e/azure_kuberay.go @@ -41,8 +41,10 @@ const ( kubeRayOperatorHelmChartName = "kuberay-operator" kubeRayOperatorHelmReleaseName = "kuberay-operator" kubeRayOperatorNamespace = "default" - kubeRayVersion = "1.3.0" - rayImage = "rayproject/ray:2.41.0" + kubeRayVersion = "1.6.0" + rayVersion = "2.54.1" + rayImage = "rayproject/ray:" + rayVersion + objectStoreMemory = "200000000" // ~200MB, prevents Ray from consuming all of /dev/shm ) var rayClusterGVR = schema.GroupVersionResource{ 
@@ -285,79 +287,7 @@ func newRayClusterUnstructured(name, namespace string) *unstructured.Unstructure "name": name, "namespace": namespace, }, - "spec": map[string]interface{}{ - "rayVersion": "2.41.0", - "headGroupSpec": map[string]interface{}{ - "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-head", - "image": rayImage, - "ports": []interface{}{ - map[string]interface{}{ - "containerPort": int64(6379), - "name": "gcs-server", - }, - map[string]interface{}{ - "containerPort": int64(8265), - "name": "dashboard", - }, - map[string]interface{}{ - "containerPort": int64(10001), - "name": "client", - }, - }, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "2Gi", - }, - }, - }, - }, - }, - }, - }, - "workerGroupSpecs": []interface{}{ - map[string]interface{}{ - "replicas": int64(1), - "minReplicas": int64(1), - "maxReplicas": int64(1), - "groupName": "small-group", - "rayStartParams": map[string]interface{}{ - "num-cpus": "1", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-worker", - "image": rayImage, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - }, - }, - }, - }, - }, - }, - }, - }, + "spec": rayClusterSpec(), }, } } 
@@ -398,73 +328,80 @@ func newRayJobUnstructured(name, namespace string) *unstructured.Unstructured { }, }, }, - "rayClusterSpec": map[string]interface{}{ - "rayVersion": "2.41.0", - "headGroupSpec": map[string]interface{}{ - "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-head", - "image": rayImage, - "ports": []interface{}{ - map[string]interface{}{ - "containerPort": int64(6379), - "name": "gcs-server", - }, - map[string]interface{}{ - "containerPort": int64(8265), - "name": "dashboard", - }, - map[string]interface{}{ - "containerPort": int64(10001), - "name": "client", - }, - }, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "2Gi", - }, - }, - }, + "rayClusterSpec": rayClusterSpec(), + }, + }, + } +} + +// rayClusterSpec returns the shared RayCluster spec used by both RayCluster and RayJob resources. 
+func rayClusterSpec() map[string]interface{} { + return map[string]interface{}{ + "rayVersion": rayVersion, + "headGroupSpec": map[string]interface{}{ + "rayStartParams": map[string]interface{}{ + "dashboard-host": "0.0.0.0", + "object-store-memory": objectStoreMemory, + }, + "template": map[string]interface{}{ + "spec": map[string]interface{}{ + "containers": []interface{}{ + map[string]interface{}{ + "name": "ray-head", + "image": rayImage, + "ports": []interface{}{ + map[string]interface{}{ + "containerPort": int64(6379), + "name": "gcs-server", + }, + map[string]interface{}{ + "containerPort": int64(8265), + "name": "dashboard", + }, + map[string]interface{}{ + "containerPort": int64(10001), + "name": "client", + }, + }, + "resources": map[string]interface{}{ + "requests": map[string]interface{}{ + "cpu": "500m", + "memory": "1Gi", + }, + "limits": map[string]interface{}{ + "cpu": "1", + "memory": "4Gi", }, }, }, }, - "workerGroupSpecs": []interface{}{ - map[string]interface{}{ - "replicas": int64(1), - "minReplicas": int64(1), - "maxReplicas": int64(1), - "groupName": "small-group", - "rayStartParams": map[string]interface{}{ - "num-cpus": "1", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-worker", - "image": rayImage, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - }, - }, + }, + }, + }, + "workerGroupSpecs": []interface{}{ + map[string]interface{}{ + "replicas": int64(1), + "minReplicas": int64(1), + "maxReplicas": int64(1), + "groupName": "small-group", + "rayStartParams": map[string]interface{}{ + "num-cpus": "1", + "object-store-memory": objectStoreMemory, + }, + "template": map[string]interface{}{ + "spec": map[string]interface{}{ + "containers": []interface{}{ + map[string]interface{}{ + "name": 
"ray-worker", + "image": rayImage, + "resources": map[string]interface{}{ + "requests": map[string]interface{}{ + "cpu": "300m", + "memory": "1Gi", + }, + "limits": map[string]interface{}{ + "cpu": "500m", + "memory": "1Gi", }, }, }, diff --git a/test/e2e/azure_test.go b/test/e2e/azure_test.go index fb64d5a5113..1df14cba8c1 100644 --- a/test/e2e/azure_test.go +++ b/test/e2e/azure_test.go @@ -923,6 +923,15 @@ var _ = Describe("Workload cluster creation", func() { } }) }) + + By("Verifying AKS maintenance configurations", func() { + AKSMaintenanceConfigurationSpec(ctx, func() AKSMaintenanceConfigurationSpecInput { + return AKSMaintenanceConfigurationSpecInput{ + Cluster: result.Cluster, + WaitForUpdate: e2eConfig.GetIntervals(specName, "wait-machine-pool-nodes"), + } + }) + }) }) }) @@ -1050,7 +1059,7 @@ var _ = Describe("Workload cluster creation", func() { clusterName = getClusterName(clusterNamePrefix, "cc") // Init rke2 CP and bootstrap providers - rke2Version := "v0.21.1" + rke2Version := "v0.24.3" initInput := clusterctl.InitInput{ // pass reference to the management cluster hosting this test KubeconfigPath: bootstrapClusterProxy.GetKubeconfigPath(), @@ -1075,7 +1084,7 @@ var _ = Describe("Workload cluster creation", func() { // // If that issue is resolved then we can remove this workaround. objects, err := yaml.ToUnstructured([]byte(` -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: dry-run @@ -1085,7 +1094,7 @@ spec: spec: rolloutStrategy: {} --- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: dry-run 
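Review bot: The new `rayClusterSpec()` keeps `"dashboard-host": "0.0.0.0"` in the head `rayStartParams` with no explanation, and it now feeds both the RayCluster and the RayJob resources. Ray's dashboard and job-submission API on port 8265 are unauthenticated by default, so this binding is only acceptable while the port is reachable from inside the cluster alone; presumably it is set so the KubeRay operator can reach the head pod. I would record that next to the key: `// all interfaces so in-cluster clients (KubeRay operator) can reach the dashboard; the API is unauthenticated by default, keep 8265 cluster-internal`. The doc comment on the function could also say that the head container's requests and limits now differ from the worker's. The closing lines of `rayClusterSpec` are outside the hunk.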
@@ -1464,7 +1473,7 @@ spec: // KubeRay tests deploy the KubeRay operator and verify Ray workloads run on a CAPZ cluster. // These correspond to the RayCluster and RayJob E2E test cases from the KubeRay buildkite CI. - Context("Creating a cluster and deploying KubeRay [OPTIONAL]", func() { + Context("Creating an AKS cluster and deploying KubeRay [KubeRay]", func() { It("Creates a RayCluster and verifies it becomes ready", func() { clusterName = getClusterName(clusterNamePrefix, "kuberay") kubernetesVersion, err := GetAKSKubernetesVersion(ctx, e2eConfig, AKSKubernetesVersion) 
@@ -1531,4 +1540,93 @@ spec: By("PASSED!") }) }) + + // KubeRay tests on a self-managed VM-based cluster. + Context("Creating a self-managed cluster and deploying KubeRay [KubeRay]", func() { + It("Creates a RayCluster and verifies it becomes ready", func() { + clusterName = getClusterName(clusterNamePrefix, "vm-kuberay") + kubernetesVersion, err := resolveCIVersion("latest") + Expect(err).NotTo(HaveOccurred()) + Expect(os.Setenv("CI_VERSION", kubernetesVersion)).To(Succeed()) + Expect(os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")).To(Succeed()) + + clusterctl.ApplyClusterTemplateAndWait(ctx, createApplyClusterTemplateInput( + specName, + withFlavor("ci-version"), + withNamespace(namespace.Name), + withClusterName(clusterName), + withKubernetesVersion(kubernetesVersion), + withControlPlaneMachineCount(1), + withWorkerMachineCount(1), + withControlPlaneWaiters(clusterctl.ControlPlaneWaiters{ + WaitForControlPlaneInitialized: EnsureControlPlaneInitialized, + }), + withPostMachinesProvisioned(func() { + EnsureDaemonsets(ctx, func() DaemonsetsSpecInput { + return DaemonsetsSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + } + }) + }), + ), result) + + By("Running the KubeRay RayCluster spec", func() { + KubeRayClusterSpec(ctx, func() KubeRayClusterSpecInput { + return KubeRayClusterSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + SkipCleanup: skipCleanup, + } + }) + }) + + By("PASSED!") + }) + + It("Creates a RayJob and verifies it completes successfully", func() { + clusterName = getClusterName(clusterNamePrefix, "vm-rayjob") + kubernetesVersion, err := resolveCIVersion("latest") + Expect(err).NotTo(HaveOccurred()) + Expect(os.Setenv("CI_VERSION", kubernetesVersion)).To(Succeed()) + Expect(os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")).To(Succeed()) + + clusterctl.ApplyClusterTemplateAndWait(ctx, createApplyClusterTemplateInput( + 
specName, + withFlavor("ci-version"), + withNamespace(namespace.Name), + withClusterName(clusterName), + withKubernetesVersion(kubernetesVersion), + withControlPlaneMachineCount(1), + withWorkerMachineCount(1), + withControlPlaneWaiters(clusterctl.ControlPlaneWaiters{ + WaitForControlPlaneInitialized: EnsureControlPlaneInitialized, + }), + withPostMachinesProvisioned(func() { + EnsureDaemonsets(ctx, func() DaemonsetsSpecInput { + return DaemonsetsSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + } + }) + }), + ), result) + + By("Running the KubeRay RayJob spec", func() { + KubeRayJobSpec(ctx, func() KubeRayJobSpecInput { + return KubeRayJobSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + SkipCleanup: skipCleanup, + } + }) + }) + + By("PASSED!") + }) + }) }) diff --git a/test/e2e/capi_test.go b/test/e2e/capi_test.go index 80809bcb730..18d993707b2 100644 --- a/test/e2e/capi_test.go +++ b/test/e2e/capi_test.go @@ -87,8 +87,8 @@ var _ = Describe("Running the Cluster API E2E tests", func() { }) Context("Running the MachineDeployment rollout spec", func() { - capi_e2e.MachineDeploymentRolloutSpec(ctx, func() capi_e2e.MachineDeploymentRolloutSpecInput { - return capi_e2e.MachineDeploymentRolloutSpecInput{ + capi_e2e.KCPAndMachineDeploymentRolloutSpec(ctx, func() capi_e2e.KCPAndMachineDeploymentRolloutSpecInput { + return capi_e2e.KCPAndMachineDeploymentRolloutSpecInput{ E2EConfig: e2eConfig, ClusterctlConfigPath: clusterctlConfigPath, BootstrapClusterProxy: bootstrapClusterProxy, diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index 19f04fec9f5..4b8ce5b4275 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml 
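Review bot: Both new specs in the self-managed `[KubeRay]` context call `os.Setenv("CI_VERSION", kubernetesVersion)` and `os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")` and never undo it, so the values stay set for every spec that runs later in the same process. Registering the cleanup right after each call keeps the change local, e.g. `DeferCleanup(os.Unsetenv, "CI_VERSION")` and `DeferCleanup(os.Unsetenv, "CLOUD_PROVIDER_AZURE_LABEL")`; if the job can already set these variables, restore the previous value instead. The two `It` bodies are identical apart from the cluster-name suffix and the spec they run, so a small helper taking those two would remove the duplicated template options. Whether existing specs in this file handle these variables the same way is not visible in the hunk.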
@@ -3,13 +3,19 @@ managementClusterName: capz-e2e images: - name: ${MANAGER_IMAGE} loadBehavior: mustLoad - - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.1 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.0 + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.1 + loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.7 + loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.1 + loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.2 loadBehavior: tryLoad providers: @@ -25,8 +31,19 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/core-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/core-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" + - old: "- --leader-elect" + new: "- --leader-elect\n - --remote-connection-grace-period=3m" + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/core-components.yaml type: url contract: v1beta2 files: 
@@ -49,8 +66,17 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/bootstrap-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/bootstrap-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/bootstrap-components.yaml type: url contract: v1beta2 files: @@ -71,8 +97,17 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/control-plane-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/control-plane-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/control-plane-components.yaml type: url contract: v1beta2 files: 
@@ -84,37 +119,37 @@ providers: - name: azure type: InfrastructureProvider versions: - - name: v1.21.2 # latest patch of earliest minor in supported v1beta1 releases; this is used for v1beta1 old --> v1beta1 latest clusterctl upgrades test only. - value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.21.2/infrastructure-components.yaml + - name: v1.22.2 # latest patch of earliest minor in supported v1beta1 releases; this is used for v1beta1 old --> v1beta1 latest clusterctl upgrades test only. + value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.22.2/infrastructure-components.yaml type: url contract: v1beta1 files: - sourcePath: "../data/shared/v1beta1_provider/metadata.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml" targetName: "cluster-template.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml" targetName: "cluster-template-machine-and-machine-pool.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml" targetName: "cluster-template-aks.yaml" replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.22.0 # latest patch of latest minor in supported v1beta1 releases; this is used for v1beta1 latest --> v1beta1 current clusterctl upgrades test only. - value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.22.0/infrastructure-components.yaml + - name: v1.23.0 # latest patch of latest minor in supported v1beta1 releases; this is used for v1beta1 latest --> v1beta1 current clusterctl upgrades test only. 
+ value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.23.0/infrastructure-components.yaml type: url contract: v1beta1 files: - sourcePath: "../data/shared/v1beta1_provider/metadata.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml" targetName: "cluster-template.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml" targetName: "cluster-template-machine-and-machine-pool.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml" targetName: "cluster-template-aks.yaml" replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.23.99 # "vNext"; use manifests from local source files + - name: v1.24.99 # "vNext"; use manifests from local source files value: "${PWD}/test/e2e/data/infrastructure-azure/v1beta1/provider-components" contract: v1beta1 files: @@ -140,6 +175,8 @@ providers: targetName: "cluster-template-nvidia-gpu.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-private.yaml" targetName: "cluster-template-private.yaml" + - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version.yaml" + targetName: "cluster-template-ci-version.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml" targetName: "cluster-template-conformance-ci-artifacts.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml" 
@@ -209,8 +246,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v0.6.1 - value: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.1/addon-components.yaml + - name: v0.6.2 + value: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml type: url contract: v1beta1 files: @@ -222,17 +259,17 @@ providers: variables: AKS_KUBERNETES_VERSION: "latest" AKS_KUBERNETES_VERSION_UPGRADE_FROM: "latest-1" - KUBERNETES_VERSION: "${KUBERNETES_VERSION:-stable-1.33}" - KUBERNETES_VERSION_API_UPGRADE_FROM: "v1.32.10" + KUBERNETES_VERSION: "${KUBERNETES_VERSION:-stable-1.35}" + KUBERNETES_VERSION_API_UPGRADE_FROM: "${KUBERNETES_VERSION_API_UPGRADE_FROM:-v1.34.7}" # CAPZ_GALLERY_VERSION specifies the community gallery image version for the base node image. # This is separate from KUBERNETES_VERSION to allow testing custom Kubernetes builds with a # newer base image. Falls back to KUBERNETES_VERSION if not set. - CAPZ_GALLERY_VERSION: "${CAPZ_GALLERY_VERSION:-${KUBERNETES_VERSION:-stable-1.33}}" + CAPZ_GALLERY_VERSION: "${CAPZ_GALLERY_VERSION:-${KUBERNETES_VERSION:-stable-1.35}}" FLATCAR_VERSION: "${FLATCAR_VERSION:-latest}" ETCD_VERSION_UPGRADE_TO: "" # Use default COREDNS_VERSION_UPGRADE_TO: "" # Use default - KUBERNETES_VERSION_UPGRADE_TO: "${KUBERNETES_VERSION_UPGRADE_TO:-stable-1.33}" - KUBERNETES_VERSION_UPGRADE_FROM: "${KUBERNETES_VERSION_UPGRADE_FROM:-stable-1.32}" + KUBERNETES_VERSION_UPGRADE_TO: "${KUBERNETES_VERSION_UPGRADE_TO:-stable-1.35}" + KUBERNETES_VERSION_UPGRADE_FROM: "${KUBERNETES_VERSION_UPGRADE_FROM:-stable-1.34}" CNI: "${PWD}/templates/addons/calico.yaml" ADDONS_PATH: "${PWD}/templates/addons" REDACT_LOG_SCRIPT: "${PWD}/hack/log/redact.sh" 
@@ -259,11 +296,11 @@ variables: WINDOWS_CONTAINERD_URL: "${WINDOWS_CONTAINERD_URL:-}" AZURE_CNI_V1_MANIFEST_PATH: "${PWD}/templates/addons/azure-cni-v1.yaml" OLD_CAPI_UPGRADE_VERSION: "v1.11.7" - LATEST_CAPI_UPGRADE_VERSION: "v1.12.4" - OLD_PROVIDER_UPGRADE_VERSION: "v1.21.2" - LATEST_PROVIDER_UPGRADE_VERSION: "v1.22.0" + LATEST_CAPI_UPGRADE_VERSION: "v1.12.7" + OLD_PROVIDER_UPGRADE_VERSION: "v1.22.2" + LATEST_PROVIDER_UPGRADE_VERSION: "v1.23.0" OLD_CAAPH_UPGRADE_VERSION: "v0.5.3" - LATEST_CAAPH_UPGRADE_VERSION: "v0.6.1" + LATEST_CAAPH_UPGRADE_VERSION: "v0.6.2" CI_RG: "${CI_RG:-capz-ci}" USER_IDENTITY: "${USER_IDENTITY:-cloud-provider-user-identity}" EXP_APISERVER_ILB: "true" diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml 
diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml new file mode 100644 index 00000000000..fe274e5f993 --- /dev/null +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml @@ -0,0 +1,15 @@ +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + machineTemplate: + taints: + - key: "pre-existing-on-initialization-taint" + value: "on-initialization-value" + effect: PreferNoSchedule + propagation: OnInitialization + - key: "pre-existing-always-taint" + value: "always-value" + effect: PreferNoSchedule + propagation: Always 
diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml index afd4db9339d..03116109b1c 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml @@ -9,6 +9,7 @@ resources: - ../../../../../../templates/addons/cluster-api-helm/cloud-provider-azure.yaml - ../../../../../../templates/addons/cluster-api-helm/cloud-provider-azure-ci.yaml patches: +- path: kcp-taints.yaml - path: ../../../../../../templates/azure-cluster-identity/azurecluster-identity-ref.yaml - path: ../../../../../../templates/test/ci/patches/cluster-label-calico.yaml - path: ../../../../../../templates/test/ci/patches/cluster-label-cloud-provider-azure.yaml diff --git a/test/e2e/data/shared/v1beta1/metadata.yaml b/test/e2e/data/shared/v1beta1/metadata.yaml index fa0c67eb29f..f79cfd066a0 100644 --- a/test/e2e/data/shared/v1beta1/metadata.yaml +++ b/test/e2e/data/shared/v1beta1/metadata.yaml @@ -1,6 +1,9 @@ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 13 + contract: v1beta2 - major: 1 minor: 12 contract: v1beta2 diff --git a/test/e2e/data/shared/v1beta1_provider/metadata.yaml b/test/e2e/data/shared/v1beta1_provider/metadata.yaml index 1d456116fc6..8c7be9d2462 100644 --- a/test/e2e/data/shared/v1beta1_provider/metadata.yaml +++ b/test/e2e/data/shared/v1beta1_provider/metadata.yaml @@ -46,3 +46,6 @@ releaseSeries: - major: 1 minor: 23 contract: v1beta1 + - major: 1 + minor: 24 + contract: v1beta1 diff --git a/test/e2e/helpers.go b/test/e2e/helpers.go index afd50c93fb5..c61c2e95658 100644 --- a/test/e2e/helpers.go +++ b/test/e2e/helpers.go 
@@ -701,7 +701,7 @@ func resolveKubernetesVersions(config *clusterctl.E2EConfig) { windowsRequired := testWindows == "true" if windowsRequired { - windowsVersions := getVersionsInCommunityGallery(ctx, os.Getenv(AzureLocation), capiCommunityGallery, "capi-win-2019-containerd") + windowsVersions := getVersionsInCommunityGallery(ctx, os.Getenv(AzureLocation), capiCommunityGallery, "capi-win-2022-containerd") for k, v := range linuxVersions { if _, ok := windowsVersions[k]; ok { versions = append(versions, v)